
Today the news reached us about a security vulnerability in the timthumb.php file we use at our blog. This file resizes images to fit in a theme and is used by most themes, so if you’re using WordPress this may apply to you.
The vulnerable script lets external users execute PHP scripts; more information about the vulnerability can be found here.
Solution
Download the latest version of the timthumb script from here. Edit the file and change the following settings:
define ('ALLOW_EXTERNAL', FALSE); // allow external website (override security precaution - not advised!)

// external domains that are allowed to be displayed on your website
$allowedSites = array ();
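To make clear what the two settings above control, here is an added example written for this post; it is not TimThumb's own code. It decides whether a requested image source may be fetched: local paths are always accepted, remote URLs are refused outright when ALLOW_EXTERNAL is FALSE, and otherwise the host has to match an allowed site exactly or as one of its subdomains. The function names, the dot-boundary matching rule and the sample URLs are all assumptions of this example.

```php
<?php
// Added example, not TimThumb's code: models the effect of ALLOW_EXTERNAL
// and $allowedSites on a requested image source.

// A source is local when it has no host part (relative or site-absolute path).
function isLocalSource($src)
{
    $parts = parse_url($src);
    if ($parts === false) {
        return false;          // unparseable input is never treated as local
    }
    return empty($parts['host']);
}

// Returns true when the image source may be fetched under the given settings.
function sourceAllowed($src, $allowExternal, array $allowedSites)
{
    if (isLocalSource($src)) {
        return true;           // images on this site are always fine
    }
    if (!$allowExternal) {
        return false;          // ALLOW_EXTERNAL = FALSE: no remote fetches at all
    }
    $host = strtolower((string) parse_url($src, PHP_URL_HOST));
    if ($host === '') {
        return false;
    }
    foreach ($allowedSites as $site) {
        $site = strtolower($site);
        // Exact host, or a real subdomain of it: the match must sit on a dot
        // boundary, so only "<something>.<site>" qualifies (assumed rule).
        $suffix = '.' . $site;
        if ($host === $site || substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;              // remote host not on the allowlist
}

// Constructed sample requests (not real traffic).
$samples = array(
    '/wp-content/uploads/2011/08/photo.jpg',
    'http://images.example.org/photo.jpg',
    'http://example.com/photo.jpg',
);

// Settings as recommended in the post: external fetching off, empty allowlist.
echo "ALLOW_EXTERNAL = FALSE, allowedSites = []\n";
foreach ($samples as $src) {
    printf("  %-42s %s\n", $src, sourceAllowed($src, false, array()) ? 'allowed' : 'blocked');
}

// For comparison: external fetching on, with one constructed allowed site.
echo "ALLOW_EXTERNAL = TRUE, allowedSites = ['example.org']\n";
foreach ($samples as $src) {
    printf("  %-42s %s\n", $src, sourceAllowed($src, true, array('example.org')) ? 'allowed' : 'blocked');
}
```

Run with `php example.php`. With the recommended settings only the local upload path is allowed; with external fetching switched on, the constructed `images.example.org` URL passes because it is a subdomain of the allowed site, while `example.com` is still blocked. Leaving ALLOW_EXTERNAL at FALSE is the simplest setting because it removes the remote fetch path entirely rather than relying on the allowlist match.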
Source 1 wpweetjes.nl
Source 2 techie-buzz.com