"Hackers are exploiting a problem with an image-resizing utility called
TimThumb that is widely used in many themes for the blogging platform
WordPress, although some fixes have been made to the latest version.
TimThumb is 'inherently insecure' because it writes files into a
directory when it fetches an image and resizes it. But that directory is
accessible to people visiting the website, Maunder wrote. An attacker can
compromise the site by figuring out how to get TimThumb to grab a
malicious PHP file and put it in the WordPress directory. The code will
be executed if an attacker then accesses the file using a Web browser."
Please reply back to this ticket if you found this security alert useful.
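
The alert above describes PHP files landing in a web-accessible directory that TimThumb writes to. As an added example (not part of the alert and not TimThumb's own code), this defender-side check walks a directory you pass in and flags files that have a PHP extension or contain a PHP open tag; it goes slightly beyond the text by also checking the contents of files with image extensions. The directory path, extension list and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed list of extensions a web server may hand to the PHP interpreter.
PHP_EXTS = {".php", ".phtml", ".php5", ".phar"}
PHP_TAG = b"<?php"


def scan_cache_dir(cache_dir):
    """Return a sorted list of (relative_path, reasons) for suspicious files."""
    findings = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            path = os.path.join(root, name)
            reasons = []
            # A resizer cache should hold images only, never script extensions.
            if os.path.splitext(name)[1].lower() in PHP_EXTS:
                reasons.append("php-extension")
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                reasons.append("unreadable")
                data = b""
            # Case-insensitive search for a PHP open tag anywhere in the file.
            if PHP_TAG in data.lower():
                reasons.append("php-open-tag")
            if reasons:
                findings.append((os.path.relpath(path, cache_dir), reasons))
    return sorted(findings)


def demo():
    """Build constructed sample files in a temp directory and scan them."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "a1b2.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
            "c3d4.php": b"<?php echo 'constructed sample'; ?>",
            "e5f6.gif": b"GIF89a" + b"\x00" * 8 + b"<?PHP /* constructed */ ?>",
        }
        for name, body in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return scan_cache_dir(d)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, ",".join(reasons))
```

Point `scan_cache_dir` at the directory your theme's copy of the script writes to; any finding there warrants inspection of the file and of the web server's access logs for requests to it.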