Fix ImageMagick Remote Code Execution Vulnerability

A serious vulnerability has been discovered in ImageMagick, which is widely popular package used for image processing. More details about vulnerability, please check https://imagetragick.com/

WordPress uses ImageMagick first, before falling back to GD library. But most shared hosting do not provide ImageMagick so chances of this issue affecting you is very less.

rtMedia Photo Filter and Watermark addons  require ImageMagick so you might have installed it.

How to check if ImageMagick is present on your WordPress?

Assuming you are using rtMedia, please go to:

http://example.com/wp-admin/admin.php?page=rtmedia-support#debug

Please replace example.com with your WordPress site URL.

If you see a string as highlighted in below following screenshot, your server has ImageMagick installed.

rtmedia-imagemagick-debug-info

How to fix ImageMagick?

If you manage your server using our EasyEngine project or have root access to your server, you can follow steps outlined in this article – https://easyengine.io/blog/fix-imagemagick-remote-code-execution-vulnerability/

In other cases, please contact your webhosting company.

How about disabling rtMedia or it’s addons?

As a server can be compromised by uploading some specific image files, disabling rtMedia can provide you some relief. But if there is any other way for untrusted users to upload images on your server, your servers will be still exposed.

So it’s better to fix ImageMagick issue rather than enabling/disabling WordPress themes or plugins.

Will rtMedia work without ImageMagick?

rtMedia Photo Filter cannot work without ImageMagick. This is only addon which depends 100% on ImageMagick. But if you disable ImageMagick, your site won’t break as Photo Filter addon will stop working gracefully.

rtMedia Watermark uses ImageMagick if it’s available but if ImageMagick is not present, it uses GD library as fallback.

Other rtMedia addons, premium themes and core rtMedia – WordPress.org version do not depend on ImageMagick.

Links: Solutions for ImageMagick Remote Code Execution Vulnerability

Leave a Reply

Your email address will not be published. Required fields are marked *