TimThumb exploit – vulnerability found in popular script

TimThumb, the popular image-resizing library bundled with many WordPress themes, has a serious vulnerability that is being actively exploited in several versions of its code. The flaw lets a third party upload a file of their own choosing into TimThumb's cache directory and then have it executed as PHP. As many people are aware, running malicious PHP code can easily compromise a website or an entire server.

When this zero-day exploit was announced we recommended deleting timthumb.php or thumb.php, or indeed the complete theme or plugin. A later version of TimThumb that patches this vulnerability is now available.

If the file exists in a theme or plugin that you're no longer using, you may want to remove the entire theme or just the relevant plugin directory. After you remove the TimThumb library, check that your site is still working as it should.

If you are using the later version, check that you have set ALLOW_EXTERNAL to false, like this:

define( 'ALLOW_EXTERNAL', false );

Then find the $allowedSites array in the same file and remove every domain name from it, so that no remote file downloading is possible:

$allowedSites = array();
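A site with several themes and plugins installed can easily hold more than one copy of the library, so the two settings above are worth checking in every copy rather than just the one you remember editing. The following shell script is an added example written for this post; it is not code from the original article or from TimThumb itself. It looks for timthumb.php and thumb.php under a directory and reports whether each copy has ALLOW_EXTERNAL defined as false and an empty $allowedSites array (the file names and settings are the ones named above; the function names and the throw-away demo tree are constructed for the example).

```shell
#!/bin/sh
# Added example (not from the original post and not TimThumb's own code):
# audit a WordPress tree for copies of timthumb.php / thumb.php and report
# whether each one still permits remote downloads.  The settings checked are
# the two named in the post; the demo tree below is constructed sample data.

# audit_timthumb FILE: prints "OK" or "INSECURE" for FILE.  Exit status is 0
# only when ALLOW_EXTERNAL is defined false AND $allowedSites is an empty array.
audit_timthumb() {
    f="$1"
    ext_ok=0
    sites_ok=0
    # matches: define( 'ALLOW_EXTERNAL', false );  (either quote style, any spacing)
    grep -Eq "define[[:space:]]*\([[:space:]]*['\"]ALLOW_EXTERNAL['\"][[:space:]]*,[[:space:]]*false[[:space:]]*\)" "$f" && ext_ok=1
    # matches: $allowedSites = array();  (no host names left inside the array)
    grep -Eq '\$allowedSites[[:space:]]*=[[:space:]]*array[[:space:]]*\([[:space:]]*\)' "$f" && sites_ok=1
    if [ "$ext_ok" -eq 1 ] && [ "$sites_ok" -eq 1 ]; then
        echo "OK        $f"
        return 0
    fi
    echo "INSECURE  $f  (ALLOW_EXTERNAL=false: $ext_ok, allowedSites empty: $sites_ok)"
    return 1
}

# count_insecure DIR: audits every timthumb.php / thumb.php below DIR.  Status
# lines go to stderr; the number of failing copies is printed on stdout.
# (Paths containing newlines are not handled; spaces in paths are fine.)
count_insecure() {
    bad=0
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        audit_timthumb "$f" >&2 || bad=$((bad + 1))
    done <<EOF
$(find "$1" -type f \( -name timthumb.php -o -name thumb.php \))
EOF
    echo "$bad"
}

# make_demo_tree: builds a throw-away tree holding one hardened copy and one
# copy that still allows external fetches.  These are constructed stand-ins
# containing only the two settings, not real TimThumb files.  Prints the path.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/themes/theme-a" "$d/wp-content/plugins/plugin-b"
    printf '%s\n' '<?php' "define( 'ALLOW_EXTERNAL', false );" '$allowedSites = array();' \
        > "$d/wp-content/themes/theme-a/timthumb.php"
    printf '%s\n' '<?php' "define( 'ALLOW_EXTERNAL', true );" \
        "\$allowedSites = array( 'example.com', 'example.org' );" \
        > "$d/wp-content/plugins/plugin-b/thumb.php"
    echo "$d"
}

# Demo run against the constructed tree; on a real site you would call
# count_insecure with the web root instead, e.g. count_insecure /var/www/html
demo=$(make_demo_tree)
echo "insecure copies: $(count_insecure "$demo")"
rm -rf "$demo"
```

The audit is a plain text match, not a PHP parse: a commented-out `define(...)` line would satisfy the first check, so treat an "OK" as a prompt to open the file rather than as proof, and treat every "INSECURE" copy as one to fix or delete. Running `count_insecure` against the web root after you have edited the files is a quick way to confirm that no copy was missed.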
