TimThumb Security Vulnerability – Common in WordPress Themes
TimThumb, an image resizing script commonly used in WordPress themes (especially paid ones), is being exploited through a zero-day vulnerability. If you think your WordPress theme may use the TimThumb script, please pay attention.
The easiest way to fix it would be to delete any instance of timthumb.php on your sites. It is also commonly named thumb.php (this is what WooThemes uses). I'd imagine this also applies to inactive themes.
As outlined in the previously linked post on Mark Maunder's blog, the next best quick fix would be to remove all the allowed sites from the $allowedSites array, changing the first definition below into the second.
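// Before: external hosts TimThumb is allowed to fetch images from
$allowedSites = array ( 'flickr.com', 'picasa.com', 'img.youtube.com', 'upload.wikimedia.org', );
// After: empty list, no external hosts allowed
$allowedSites = array();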
Also make sure the following constant is set to false,... [via Theme Lab]
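To check a whole web root for both fixes described above, the following shell function is an added example (not part of the original post or of TimThumb itself). It finds every copy named timthumb.php or thumb.php, inactive themes included, and reports whether its $allowedSites array is still populated. The function name audit_timthumb and the EMPTY/NONEMPTY/UNKNOWN labels are this example's own, and it assumes the script has not been renamed to something else.

```shell
#!/usr/bin/env bash
# Added example: audit a directory tree for TimThumb copies and report
# whether each copy's $allowedSites array still lists external hosts.
# Assumption: the file is named timthumb.php or thumb.php, as on this page;
# copies saved under any other name are not found by this check.

audit_timthumb() {
    local root="${1:-.}" file body
    # Walk every directory under root, so inactive themes are covered too.
    find "$root" -type f \( -iname 'timthumb.php' -o -iname 'thumb.php' \) -print |
    sort |
    while IFS= read -r file; do
        # Collapse newlines so a multi-line array definition matches one
        # pattern, then capture the text between "array(" and the first ")".
        # The <...> wrapper tells "matched but empty" apart from "no match".
        body=$(tr '\n' ' ' < "$file" |
            sed -n 's/.*\$allowedSites[[:space:]]*=[[:space:]]*array[[:space:]]*(\([^)]*\)).*/<\1>/p')
        if [ -z "$body" ]; then
            echo "UNKNOWN  $file"   # definition not found: inspect by hand
        elif [ -z "$(printf '%s' "$body" | tr -d '<>,[:space:]')" ]; then
            echo "EMPTY    $file"   # quick fix already applied
        else
            echo "NONEMPTY $file"   # external hosts still allowed
        fi
    done
}

# Usage: audit_timthumb /path/to/wp-content
```

Any file the audit lists can be deleted if the theme does not need it. A NONEMPTY result means the array in that copy still needs to be emptied as shown above.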