In this week’s Websense Security Labs Video, Chris Astacio discusses a mass injection attack that is compromising a wide swath of WordPress sites through a vulnerability in TimThumb.php, a common module used in many WordPress themes.
This widespread attack compromised tens of thousands of domains which led to a site hosting injected malicious code. After the video, you can read an analysis of the exploit in our blog post here. That post features a link to the patched version of TimThumb that users can download to remove this vulnerability.