There is a great post on the background of this problem by Mark Maunder that I recommend you read to understand the severity of the issue:
Technical details and scripts of the WordPress TimThumb.php hack
But even better, Mark has written a WordPress plugin that you can install. It will find any vulnerable copies of timthumb.php and allow you to update them to a secure version. The plugin is called Timthumb Vulnerability Scanner and is available from the WordPress.org plugin directory.
This vulnerability is now widely know and websites are being hacked.
This is a serious issue, you DO NOT WANT YOUR SITE HACKED.
Take 5 minutes to install and run the Timthumb Vulnerability Scanner plugin right now, otherwise you could be facing hundreds of dollars and/or many hours trying to clean up your hacked site.
Some hosting companies like Bluehost and Fatcow are proactively locating vulnerable copies of timthumb.php and replacing them with safe copies, and sending out email to the account holders letting them know what was done. But your hosting company may not do that, or some copies may be missed. Be safe and check for yourself.
Reader Interactions