TimThumb.php is a great open-source script that web developers can use to help speed up sites by doing some clever image caching and resizing.
Unfortunately it’s been discovered that there is a security hole in older versions of the script. If you are using this script on your site – it may be part of a premium theme – then you need to upgrade it to the latest version.
To know if you’ve been affected, you need to do a search for a file called “timthumb.php” – if you downloaded your theme files to your desktop before uploading, then you can do an instant search by typing the filename into Voidtools Search Everything – watch the video for a full walkthrough.
Fortunately, the fix is easy. You need to get the latest version of timthumb.php here and replace the existing timthumb.php file using FTP – choose “Overwrite” or “Replace” if your FTP programme asks you.
Update – free plugin: TimThumb Vulnerability Scanner
The fix is now even easier with the free TimThumb Vulnerability Scanner plugin, which scans your entire wp-content directory for outdated and insecure versions of the timthumb script (including those renamed to thumb.php). It gives you the option to automatically upgrade them with a single click.
If you use a theme from WooThemes, note that they’ve renamed timthumb.php to thumb.php, so that’s the file you’re looking for!
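If you have shell access to the server, the search for timthumb.php and thumb.php copies and the version check can be scripted. The following is an added example, not code from the original post or from the TimThumb project; it assumes each copy declares its version on a line of the form `define ('VERSION', '2.8.14');`, and you pass the latest release number yourself.

```shell
#!/bin/sh
# Added example, not code from the original post: find every copy of TimThumb
# under a WordPress wp-content directory (including copies renamed to thumb.php,
# as WooThemes does) and report the version each one declares, so outdated copies
# can be replaced. Assumption: timthumb.php declares its version on a line such as
#   define ('VERSION', '2.8.14');
# The required version is whatever the latest release is when you run this.

# Print "path<TAB>version" for each timthumb.php / thumb.php found under $1.
# A copy with no VERSION line is reported as "unknown" and treated as outdated.
scan_timthumb() {
    find "$1" -type f \( -name 'timthumb.php' -o -name 'thumb.php' \) -print | sort |
    while IFS= read -r f; do
        v=$(sed -n "s/.*define *( *['\"]VERSION['\"] *, *['\"]\([^'\"]*\)['\"].*/\1/p" "$f" | head -n 1)
        printf '%s\t%s\n' "$f" "${v:-unknown}"
    done
}

# Return 0 (true) when dotted version $1 is older than $2, comparing component by
# component as integers so that 2.8.9 is older than 2.8.10 (plain string order gets
# that wrong). Missing components count as 0, so 2.8 is older than 2.8.1.
version_lt() {
    a="$1." b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# Return 0 (true) when the copy declaring version $1 should be replaced by $2.
is_outdated() {
    [ "$1" = "unknown" ] && return 0
    version_lt "$1" "$2"
}

# Usage: report_outdated /path/to/wp-content REQUIRED_VERSION
# Lists only the copies that need replacing, one per line.
report_outdated() {
    scan_timthumb "$1" | while IFS="$(printf '\t')" read -r f v; do
        if is_outdated "$v" "$2"; then
            printf '%s (found %s, need %s)\n' "$f" "$v" "$2"
        fi
    done
}
```

Run it as `report_outdated /var/www/html/wp-content 2.8.14` (substituting the current release number) and replace every file it lists.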
You can find more information here: Timthumb PHP script opens hole in WordPress blogs.