A zero day vulnerability has been found in TimThumb, a popular image resizing script used by several WordPress themes. The person who discovered the vulnerability has issued a fix and instructions to detect any lingering hacks.
As described on the VaultPress blog, “The vulnerability allows third parties to upload and execute arbitrary PHP code in the TimThumb cache directory. Once the PHP code has been uploaded and executed, your site can be compromised however the attacker likes.”
The folks at Sucuri have constructed a great list of just a few affected WordPress themes, just to give you idea of how many themes use TimThumb.
If your theme uses TimThumb, contact your theme author for an update immediately, or download the latest version if it has already been updated. If your theme author is not willing to offer an update, it’s probably time for a new theme, but you can also get the latest version of TimThumb from its Google Code page.