TimThumb is a popular image resizing library used in thousands of WordPress themes and plugins. The vulnerability resides in its “Webshot” feature, which, when enabled, allows attackers to execute commands on a remote website. No patch is available for the flaw yet. The good news is that TimThumb ships with the webshot option disabled by default, so only those who have manually enabled the webshot feature are vulnerable. Users are advised to check for and disable the “WEBSHOT” option inside their theme or plugin directory.
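One way to carry out that check across a whole WordPress install, as an added example that is not from the original article or the TimThumb project. It assumes the option is the PHP constant `WEBSHOT_ENABLED` set with `define()` in the TimThumb script or its `timthumb-config.php` override; the function names and sample files are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: the option is the PHP constant WEBSHOT_ENABLED, set with define().
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"]WEBSHOT_ENABLED['"]\s*,\s*([^)]+?)\s*\)""", re.I)

def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)^\s*(//|#).*$", "", src)

def webshot_enabled(path):
    """True if the file defines WEBSHOT_ENABLED as true or 1."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        src = strip_php_comments(fh.read())
    return any(m.group(1).strip("'\"").lower() in {"true", "1"}
               for m in DEFINE_RE.finditer(src))

def find_webshot_enabled(root):
    """Return sorted relative paths of PHP files under root that enable webshot."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(".php") and webshot_enabled(full):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def build_sample_tree(root):
    """Write constructed sample files (not real theme code) for the demo."""
    samples = {
        "themes/a/timthumb.php":
            "<?php if(! defined('WEBSHOT_ENABLED') ) define ('WEBSHOT_ENABLED', false);",
        "themes/b/thumb.php": "<?php define('WEBSHOT_ENABLED', true);",
        "plugins/c/timthumb-config.php": '<?php\n// define("WEBSHOT_ENABLED", true);\n',
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_webshot_enabled(tmp):
            print("WEBSHOT enabled:", hit)
```

To scan a real site, call `find_webshot_enabled()` on the `wp-content` directory; it inspects every `.php` file because themes often ship the library under a different filename.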
Source: https://thehackernews.com/2014/06/zero-day-timthumb-webshot-vulnerability.html