WordPress Hosting Clients Zero Day Exploit Alert!!
by: Peter H / August 15, 2011
This is a public service announcement for all clients hosting WordPress websites. Suppose you use the plugin "TimThumb," which is used in many popular themes. In that case, you need to be aware that it is a very vulnerable exploit that will allow hackers to control your WordPress installation. If you are using the plugin TimThumb.php (or Thumb.php, as I am told it is also called), you need to replace that file on your blog with the latest version TimThumb located here (http://timthumb.googlecode.com/svn/trunk/timthumb.php). We have sent an email out to all shared hosting clients in hopes that our clients catch this bug in time to help prevent any damage to their blogs.