Hackers are actively exploiting a zero-day vulnerability that may be affecting millions of WordPress users. The bug was found in an image re-sizing utility that comes built-in to a number of commercial and free themes on the popular blogging platform. The vulnerability, discovered by Feedjit founder Mark Maunder, is located in a utility called timthumb.php. Maunder estimates that the bug may be. affecting as many as 39 million blogs. He has supplied what he is calling a tiny patch, and timtumb.ph s developer is working on a more comprehensive fix.
Source: https://threatpost.com/hackers-exploiting-zero-day-wordpress-themes-080311/75505/