Could My WordPress Site be Hacked via TimThumb?
TimThumb is a wonderful idea.
TimThumb is a script that allows your site to grab an image and resize or reshape it automatically. TimThumb will cache that new version of the image so that it can quickly be served to new visitors.
This is such a useful idea that thousands of WordPress themes have included TimThumb.
However, in both 2011 and 2014 TimThumb had security holes so severe that an attacker could do anything to your server.
If you’re using a theme downloaded from WordPress.org you have nothing to worry about, since those themes are not allowed to include TimThumb. However, many commercial themes continue to include TimThumb.
In this video, Topher shows you how to find out if your site is vulnerable to being hacked via TimThumb:
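If you would rather check from the command line than by clicking through the site, the following is an added example (not the video's procedure and not WordPress or TimThumb code) that lists every TimThumb copy under a site root with the version string it carries. It assumes copies are named timthumb.php or thumb.php or contain the text "TimThumb script", and that each defines a VERSION constant; any version it prints should be compared against the current TimThumb release.

```shell
#!/bin/sh
# Locate TimThumb copies inside a WordPress install and report their versions.
# Assumptions (not from the page): files are named timthumb.php or thumb.php,
# or contain the text "TimThumb script", and declare define('VERSION', '...').

# Print the VERSION string declared in one PHP file, or nothing if absent.
timthumb_version() {
    sed -n "s/.*define *( *[\"']VERSION[\"'] *, *[\"']\([^\"']*\)[\"'].*/\1/p" "$1" | head -n 1
}

# Print "path<TAB>version" for each TimThumb copy found under the site root.
timthumb_report() {
    root="$1"
    {
        # Name-based matches (themes often ship it under scripts/ or inc/).
        find "$root" -type f \( -iname 'timthumb.php' -o -iname 'thumb.php' \)
        # Content-based matches catch renamed copies; -I skips binary files.
        grep -rIl 'TimThumb script' "$root"
    } 2>/dev/null | sort -u | while IFS= read -r f; do
        v=$(timthumb_version "$f")
        printf '%s\t%s\n' "$f" "${v:-unknown}"
    done
}

# Number of TimThumb copies found (0 means the theme check is clean).
timthumb_count() {
    timthumb_report "$1" | wc -l | tr -d ' '
}

# Stand-alone use: sh timthumb_scan.sh /var/www/html
if [ $# -gt 0 ]; then
    timthumb_report "$1"
fi
```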