There is a vulnerability within an image resizing script that is very popular and used within many WordPress themes, including many of ours. The name of the script is TimThumb.php. It is very important that you check your site for the script within all the themes you have installed on your server (I know some of you have many themes installed). That latest safe version is 2.8.2. If you are using an earlier version, you must update to keep your site secure.
The good news is that there is a plugin that you can install to make this process a snap.
You can find the plugin in the WordPress.org plugin repository here:
Here is my quick tutorial on this:
Go to Plugins >> Add New >> search for TimThumb >> Top result is TimThumb Vulnerability Scanner >> Install and Activate >> go to Tools >> TimThumb Scanner >> Click Scan >> If vulnerable file versions are found (it will tell you), check the box next to it/them and click the update button. That’s all there is to this.
You can also find a video that explains what is going on, as well as how to use the plugin from the developer. Cheers to Peter for putting this together: http://codegarage.com/blog/2011/09/wordpress-timthumb-vulnerability-scanner-plugin
If you want to know how serious this is, you can read more here: http://www.theregister.co.uk/2011/11/02/wordpress_mass_compromise/
Keep your site safe. Do this right now.
This article was written by Scott Bernadot