A zero-day vulnerability was recently found in TimThumb, a popular image-resizing script bundled with a lot of WordPress themes. The issue was first discovered and reported by Mark Maunder after his blog was hacked through the timthumb.php script.
The TimThumb zero-day vulnerability lets malicious users, hackers and other third parties upload PHP code into TimThumb's cache directory and have it executed. Once that uploaded PHP code runs, the attacker can do whatever they want with the affected site or blog.
Recommended measures:
If You Use TimThumb
If your current WordPress theme uses timthumb.php, make sure you update to the latest version of TimThumb and regularly check the official TimThumb site for updates and announcements.
Aside from updating the TimThumb file, there is one more thing you need to do. Open the timthumb.php or thumb.php file in a text editor, look for the line that defines ALLOW_EXTERNAL and make sure its value is set to FALSE:
define ('ALLOW_EXTERNAL', FALSE);
Once ALLOW_EXTERNAL is set to FALSE, the next step is to remove the domains inside the $allowedSites array so that remote file downloading is fully disabled:
Before
$allowedSites = array ( 'flickr.com', 'picasa.com', 'img.youtube.com', );
After
$allowedSites = array ();
If You Do Not Use TimThumb
If you don't use or need timthumb.php but have other WordPress themes stored in your wp-content/themes folder that use it, it is recommended that you delete the timthumb.php or thumb.php file, or even the entire unused theme or plugin folder, from your web server.
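The two checks above (ALLOW_EXTERNAL set to FALSE and an empty $allowedSites array) are easy to miss when several themes ship their own copy of the script, so here is a small audit script that walks a wp-content directory, finds every timthumb.php or thumb.php, and reports whether each copy has remote fetching disabled. This is an added example, not code from the post or from the TimThumb project; the file names it looks for come from the post, the regexes are my own assumption about how the two settings appear in the PHP source, and the two sample files it creates in a temporary directory are constructed from the "before" and "after" snippets above.

```python
"""Audit a wp-content tree for TimThumb copies and report whether remote
fetching is disabled (ALLOW_EXTERNAL FALSE and $allowedSites empty)."""
import os
import re
import tempfile

# File names the post says the script ships under (thumb.php is the renamed copy).
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}

# Assumed patterns for the two settings; spacing and quoting vary between
# TimThumb versions, so they are deliberately permissive.
ALLOW_EXTERNAL_RE = re.compile(
    r"define\s*\(\s*['\"]ALLOW_EXTERNAL['\"]\s*,\s*(true|false)\s*\)", re.I)
ALLOWED_SITES_RE = re.compile(
    r"\$allowedSites\s*=\s*array\s*\((.*?)\)\s*;", re.I | re.S)
HOST_RE = re.compile(r"['\"]([^'\"]+)['\"]")


def find_timthumb_files(root):
    """Return every timthumb.php / thumb.php below root (e.g. wp-content)."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower() in TIMTHUMB_NAMES:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def audit_timthumb_source(source):
    """Inspect one TimThumb file's PHP source and report its remote-fetch settings.

    allow_external  : True/False as defined, or None if no define was found
    allowed_sites   : host strings listed in $allowedSites (empty if none)
    remote_disabled : True only when ALLOW_EXTERNAL is FALSE *and* the list is
                      empty, i.e. the end state the post recommends
    """
    m = ALLOW_EXTERNAL_RE.search(source)
    allow_external = None if m is None else m.group(1).lower() == "true"
    m = ALLOWED_SITES_RE.search(source)
    allowed_sites = HOST_RE.findall(m.group(1)) if m else []
    return {
        "allow_external": allow_external,
        "allowed_sites": allowed_sites,
        "remote_disabled": allow_external is False and not allowed_sites,
    }


def audit_tree(root):
    """Map each TimThumb copy under root to its audit result."""
    results = {}
    for path in find_timthumb_files(root):
        with open(path, encoding="utf-8", errors="replace") as fh:
            results[path] = audit_timthumb_source(fh.read())
    return results


# Constructed sample sources mirroring the post's "before" and "after" states.
BEFORE_SRC = """<?php
define ('ALLOW_EXTERNAL', TRUE);
$allowedSites = array (
    'flickr.com',
    'picasa.com',
    'img.youtube.com',
);
"""
AFTER_SRC = """<?php
define ('ALLOW_EXTERNAL', FALSE);
$allowedSites = array ();
"""


def demo():
    """Build a throwaway wp-content tree with one unpatched and one hardened copy,
    print a report, and return {relative path: remote_disabled} for checking."""
    with tempfile.TemporaryDirectory() as root:
        old = os.path.join(root, "themes", "old-theme")
        new = os.path.join(root, "themes", "new-theme")
        os.makedirs(old)
        os.makedirs(new)
        with open(os.path.join(old, "thumb.php"), "w") as fh:
            fh.write(BEFORE_SRC)
        with open(os.path.join(new, "timthumb.php"), "w") as fh:
            fh.write(AFTER_SRC)
        report = audit_tree(root)
        summary = {}
        for path, info in report.items():
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            status = "ok" if info["remote_disabled"] else "NEEDS ATTENTION"
            print(f"{status:16} {rel}  ALLOW_EXTERNAL={info['allow_external']} "
                  f"allowedSites={info['allowed_sites']}")
            summary[rel] = info["remote_disabled"]
        return summary


if __name__ == "__main__":
    demo()
```

To use it on a real install, call audit_tree("/path/to/wp-content") instead of demo(); any copy reported as NEEDS ATTENTION either still allows external fetches or belongs to a theme you are not using and can simply be deleted, as the post recommends.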
The theme I'm using here on JaypeeOnline, FreshNews by WooThemes, uses TimThumb. After reading about this vulnerability, I immediately removed the thumb.php file and replaced it with an updated one. I was worried that I was using a very old version of TimThumb and that upgrading might mess up my blog, but after the upgrade I checked all the thumbnails and everything seems to be working fine. I also removed everything related to the old version of TimThumb and cleared the cache.
If you want to know more about the TimThumb zero day vulnerability, how it was discovered and other additional info, check out Mark Maunder’s blog post.
September 29th, 2012 at 3:43 AM
I already encountered this timthumb on my client's WordPress website.
August 7th, 2011 at 4:18 PM
Thanks for the update, I'm upgrading now.
August 4th, 2011 at 3:53 PM
Holy Hannah! My theme actually does use TimThumb so I'm off to update it right now. Good looking out man!
August 5th, 2011 at 10:40 AM
@John – It’s good that you checked and found out your theme uses TimThumb. We really need to be careful these days as hackers and other malicious users are getting more clever and finding new ways to do their stuff. You’re welcome! Glad I could share this with you and other WordPress users.
August 9th, 2011 at 6:07 PM
I searched but didn't find anything of that name. Nothing inside the theme folders. Are they somewhere else?
August 4th, 2011 at 1:28 PM
Good thing I don’t use timthumb. :)
August 5th, 2011 at 10:39 AM
@jehzlau – Good for you. However, there are tons of WordPress themes out there (both free and premium) that use the TimThumb script and millions of users using those themes.