The TimThumb script is exploitable only if the WebShot feature is enabled. By default, WebShot is disabled.
TimThumb is a small PHP script for cropping, zooming and resizing web images (jpg, png, gif). Many WordPress themes and plugins distribute this script. A remote code execution vulnerability was reported in the WebShot feature of this script. This vulnerability was reported in v2.8.13 but previous versions are also vulnerable.
- Upgrade to the latest version of TimThumb or disable the WebShot feature (if enabled).
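To find which bundled copies need this remediation, the following added example (not part of the original advisory or of TimThumb itself) walks a web root and reports each copy's version and WebShot setting. It assumes the constant names `WEBSHOT_ENABLED` and `VERSION` and the `timthumb-config.php` override file as they appear in the upstream TimThumb source; the status labels are hypothetical.

```python
import re
import sys
from pathlib import Path

# Assumption: constant names as written in the upstream timthumb.php source.
WEBSHOT_RE = re.compile(r"define\s*\(\s*['\"]WEBSHOT_ENABLED['\"]\s*,\s*(\w+)\s*\)", re.I)
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"](\d+(?:\.\d+)*)['\"]", re.I)
COMMENT_RE = re.compile(r"^[ \t]*(?://|#).*$", re.M)  # drop commented-out defines
LAST_AFFECTED = (2, 8, 13)  # version named in the advisory

def inspect_source(php, config_php=""):
    """Return (version tuple or None, webshot_enabled) for one TimThumb copy."""
    php, config_php = COMMENT_RE.sub("", php), COMMENT_RE.sub("", config_php)
    ver = VERSION_RE.search(php)
    version = tuple(int(p) for p in ver.group(1).split(".")) if ver else None
    # Assumption: timthumb-config.php is loaded first, so its define wins.
    flag = WEBSHOT_RE.search(config_php) or WEBSHOT_RE.search(php)
    enabled = bool(flag) and flag.group(1).lower() in ("true", "1")
    return version, enabled

def classify(version, enabled):
    affected = version is None or version <= LAST_AFFECTED
    if enabled and affected:
        return "EXPOSED"   # WebShot on, affected or unknown version
    if affected:
        return "OUTDATED"  # WebShot off, but the version still needs upgrading
    return "NEWER"         # above the advisory's version; confirm it is the latest

def scan(root):
    """Walk a web root; match on content because themes often rename the script."""
    results = []
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(errors="ignore")
        if "WEBSHOT_ENABLED" not in text or path.name == "timthumb-config.php":
            continue
        cfg = path.with_name("timthumb-config.php")
        cfg_text = cfg.read_text(errors="ignore") if cfg.is_file() else ""
        results.append((str(path), classify(*inspect_source(text, cfg_text))))
    return results

if __name__ == "__main__":
    for found, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:8} {found}")
```

Run it with the web root as the only argument; block comments (`/* ... */`) are not parsed, so review any copy that uses them by hand.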