It’s always scary when you read of zero-day WordPress vulnerabilities, and this is a big one. As described on Mark Maunder’s blog, many themes use a library called timthumb.php, which contains an insecure check that allows remote code to run on your server.
UPDATE this check is no longer enough, see below. A quick way to find out if you’re effected is to run a locate command, e.g.:
[tom@daisy ~]$ locate timthumb
This showed that two separate themes – one premium, one free – use this library on my server. Fortunately, the instructions on Mark’s blog make this easy to fix.
Check your servers now before it’s too late.
UPDATE I have discovered that sometimes the file is called thumb.php and is often TimThumb! So now a quick way to find potentially vulnerable files is:
[root@daisy www]# cd /var/www
[root@daisy www]# grep TimThumb * -r