TimThumb is a free image resizing utility widely used on the blogging platform WordPress. Mark Maunder, CEO of Feedjit, discovered the flaw after his own blog was hacked to load advertising content. The utility performs only a partial match on hostnames, which allows attackers to upload arbitrary PHP code to the TimThumb cache directory and execute it there, without the site owner's permission. The latest version of the utility is affected by the issue.
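The partial hostname match described above, shown next to a strict comparison. This is an added PHP example, not TimThumb's own code; the function names, the allowlist and the sample URLs are constructed for illustration.

```php
<?php
// Added illustration, not TimThumb source. Host names are constructed.
const ALLOWED_SITES = ['images.example.com', 'cdn.example.org'];

// Weak check: passes if an allowed name appears anywhere inside the host.
function host_allowed_partial(string $url): bool
{
    $host = strtolower((string) parse_url($url, PHP_URL_HOST));
    foreach (ALLOWED_SITES as $site) {
        if ($host !== '' && strpos($host, $site) !== false) {
            return true;
        }
    }
    return false;
}

// Strict check: http(s) only, no embedded credentials, and the whole
// host must equal an allowlist entry (subdomains are not implied).
function host_allowed_strict(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    // Normalise case and a trailing root dot before comparing.
    $host = rtrim(strtolower($parts['host']), '.');
    return in_array($host, ALLOWED_SITES, true);
}

// Constructed sample URLs: exact host, allowed name used as a prefix of
// another domain, and allowed name appearing only in the path.
$samples = [
    'http://images.example.com/photo.jpg',
    'http://images.example.com.untrusted.example/photo.jpg',
    'http://untrusted.example/images.example.com/photo.jpg',
];
foreach ($samples as $url) {
    printf("%-56s partial=%-5s strict=%s\n", $url,
        var_export(host_allowed_partial($url), true),
        var_export(host_allowed_strict($url), true));
}
```

Only the second sample separates the two checks: the substring test accepts it because the allowed name is a prefix of a different domain, while the full-host comparison rejects it.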
Source: https://thehackernews.com/2011/08/zero-day-flaw-in-wordpress-image.html