TimThumb Script vulnerability issue in WordPress Themes & Plugins

Recently, lot of WordPress Themes and Plugins are open to the vulnerability found in the older version of TimThumb script that has been used by most of the popular themes and plugin. Exploiting this vulnerability an attacker can upload and excute a PHP file of his choice on a vulnerable website.

TimThumb is a “A small php script for cropping, zooming and resizing web images (jpg, png, gif). Perfect for use on blogs and other applications.“

You can download the fixed version (v1.34) from the TimThumb project page (http://code.google.com/p/timthumb/).

Read more