If you’re using WordPress as your favorite open source blogging platform, chances are pretty high you’ve already heard about the recent security flaw found in the TimThumb plugin for WP. If you haven’t, you should, because it’s pretty severe. Here is more info on that:
The security flaw isn’t a core WordPress vulnerability, so you won’t be vulnerable just by using WordPress. However, the bad news is that a pretty big number of themes out there rely on TimThumb in order to operate correctly, so TimThumb is included in a lot of WordPress plugins and themes, both free and paid. The result is that there is a good chance you have the vulnerable TimThumb installed and running on your WordPress site even if you don’t really know about it or don’t care.
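
One way to find out whether a theme or plugin has bundled TimThumb, as an added example (not code from this post or from the TimThumb project): the script walks a WordPress content directory and lists every PHP file that looks like a copy, including renamed ones. It assumes copies still contain the word "TimThumb" and a `define('VERSION', ...)` line, and that `timthumb.php` and `thumb.php` are the usual file names; the function name `find_timthumb` and the default path are illustrative.

```python
import os
import re
import sys

# Assumptions (not from the post): bundled copies keep the word "TimThumb" in
# their source and declare define('VERSION', '...'); themes often rename the file.
NAME_HINTS = {"timthumb.php", "thumb.php"}
MARKER = re.compile(rb"timthumb", re.IGNORECASE)
VERSION = re.compile(rb"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]")


def find_timthumb(root):
    """Return sorted (path, version or None) for PHP files that look like TimThumb."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # the header and version sit near the top
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            if not MARKER.search(head):
                continue
            match = VERSION.search(head)
            # A file that only mentions TimThumb (docs, theme options) is not a copy:
            # require a version line, or one of the usual file names.
            if match is None and name.lower() not in NAME_HINTS:
                continue
            version = match.group(1).decode("ascii", "replace") if match else None
            hits.append((path, version))
    return sorted(hits)


if __name__ == "__main__":
    # Default path is an assumption; pass the real wp-content directory as argument.
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "wp-content"
    for found_path, found_version in find_timthumb(scan_root):
        print(f"{found_path}\tversion={found_version or 'unknown'}")
```

Every path it reports is a separate copy that has to be updated or removed on its own, since updating WordPress itself does not touch files shipped inside themes and plugins.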