16 matches found
CVE-2025-15264
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-15264 FeehiCMS TimThumb timthumb.php server-side request forgery
A vulnerability was determined in FeehiCMS up to 2.1.1. Impacted is an unknown function of the file frontend/web/timthumb.php of the component TimThumb. Executing manipulation of the argument src can lead to server-side request forgery. The attack can be launched remotely. The exploit has been...
CVE-2025-13899 TR Timthumb <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The TR Timthumb plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcode attributes in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
EUVD-2010-5261
Malware in sbrugna...
EUVD-2023-48599
Malicious code in bioql PyPI...
CVE-2023-44240
Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin <= 1.54 versions...
CVE-2011-4106
TimThumb timthumb.php before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache...
CVE-2010-5303
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 r85, as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString...
CVE-2009-5142
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter...
CVE-2023-44240
Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin <= 1.54 versions...
CVE-2023-44240
CVE-2023-44240 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Timthumb Vulnerability Scanner plugin (
WordPress Plugin Timthumb Vulnerability Scanner Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2010-5303
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 r85, as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString...
WordPress Dailyedition-mouss Multiple Vulnerabilities
WordPress Dailyedition-mouss theme suffers from a remote SQL injection vulnerability, XSS, FPD, AoF, DoS, AFU vulnerabilities. Note that this finding houses site-specific data. I want to warn you about multiple vulnerabilities in Daily Edition Mouss theme for WordPress. In 2011 when I wrote about...
GetSimple Plugins - The Photo Gallery Timthumb Vulnerability
Exploit for php platform in category web applications...
WordPress thumbnail script timthumb.php exploit detailed explanation - vulnerability warning - the black bar safety net
timthumb.php is a very popular WordPress thumbnail script. Some very well-known themes abroad use it, such as WooThemes. The vulnerability arises mainly because timthumb by default defines a white list that includes Flickr, Picasa and other well-known photo-sharing sites...