TimThumb plugin for WordPress – zero-day remote code execution hole disclosed, quickly fixed
WordPress sites with the TimThumb image thumbnailing plugin could be taken over by attackers.
Paul Ducklin looks at what went wrong and explains how to fix the hole…
Story added 26. June 2014, content source with full text you can find at link above.