Sucuri Security has a great post that begins to review the aftermath of the massive exploitation of the TimThumb image resizer script. According to their calculations, about a million pages have been compromised through the script; filtering the results down to the past thirty days still yields over 200,000. Exploitation of the script is an ongoing problem and will most likely remain one for the foreseeable future. If you think an old version of the TimThumb script is on your server, use the TimThumb vulnerability scanner plugin.
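Because TimThumb ships inside themes and plugins rather than WordPress core, the same file can sit in several places under one document root, sometimes renamed. The following Python script is an added example (not code from the original post, from Sucuri, or from the scanner plugin) that inventories those copies the way a defender would before deciding what to update. It assumes TimThumb declares its version with `define('VERSION', '…')`, that themes commonly ship it as `timthumb.php` or `thumb.php`, and that the minimum acceptable version is a parameter you fill in from the current upstream release; the sample files it creates are constructed fixtures, not real TimThumb code.

```python
"""Inventory copies of TimThumb under a WordPress document root and flag old ones.

Added example, not from the original page. Assumptions: TimThumb declares its
version as define('VERSION', 'x.y.z'); themes often rename it thumb.php; the
minimum acceptable version (MIN_SAFE_VERSION) is a placeholder you set from the
current upstream release.
"""
import re
import tempfile
from pathlib import Path

# File names the script is commonly shipped under (assumption).
CANDIDATE_NAMES = {"timthumb.php", "thumb.php"}

# Matches define('VERSION', '2.8.10'); with either quote style and loose spacing.
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9]+(?:\.[0-9]+)*)['"]\s*\)"""
)


def parse_version(s):
    """'2.8.10' -> (2, 8, 10) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in s.split("."))


def looks_like_timthumb(path):
    """Match by well-known file name, or by a 'timthumb' marker near the top of the file."""
    if path.name.lower() in CANDIDATE_NAMES:
        return True
    try:
        head = path.read_text(errors="ignore")[:4096]
    except OSError:
        return False
    return "timthumb" in head.lower()


def inspect_copy(path, min_safe):
    """Extract the VERSION define and classify the copy as outdated/current/unknown."""
    text = path.read_text(errors="ignore")
    m = VERSION_RE.search(text)
    if not m:
        # A stripped or heavily modified copy: cannot be cleared automatically.
        return {"path": str(path), "version": None, "status": "unknown"}
    version = m.group(1)
    status = "outdated" if parse_version(version) < min_safe else "current"
    return {"path": str(path), "version": version, "status": status}


def find_timthumb_copies(root, min_safe_version):
    """Walk every .php file under root and report each TimThumb-looking copy."""
    min_safe = parse_version(min_safe_version)
    report = []
    for path in sorted(Path(root).rglob("*.php")):
        if path.is_file() and looks_like_timthumb(path):
            report.append(inspect_copy(path, min_safe))
    return report


def build_sample_tree():
    """Constructed fixture: fake files mimicking how themes ship the script (not real TimThumb code)."""
    root = Path(tempfile.mkdtemp(prefix="wp-sample-"))
    old = root / "wp-content/themes/theme-a/timthumb.php"
    old.parent.mkdir(parents=True)
    old.write_text("<?php\n// TimThumb script\ndefine ('VERSION', '1.33');\n")
    new = root / "wp-content/themes/theme-b/scripts/timthumb.php"
    new.parent.mkdir(parents=True)
    new.write_text("<?php\ndefine('VERSION', '2.8.10');\n")
    renamed = root / "wp-content/plugins/plugin-c/thumb.php"
    renamed.parent.mkdir(parents=True)
    renamed.write_text("<?php\n// derived from timthumb, version string removed\n")
    # Unrelated file with its own VERSION define: must not be reported.
    other = root / "wp-content/themes/theme-b/functions.php"
    other.write_text("<?php\ndefine('VERSION', '9.9');\n")
    return root


if __name__ == "__main__":
    MIN_SAFE_VERSION = "2.0"  # placeholder: set from the current upstream release
    for entry in find_timthumb_copies(build_sample_tree(), MIN_SAFE_VERSION):
        print(f"{entry['status']:9} {entry['version'] or '?':8} {entry['path']}")
```

Run it against a real document root by replacing `build_sample_tree()` with the path to the site. Copies reported as `unknown` deserve a manual look: a missing version string usually means a renamed or edited copy, which is exactly the kind of file an automated version check cannot clear.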
The TimThumb exploitation event is interesting in that so many websites became compromised despite the issue not being relevant to the core of WordPress itself. I wonder if there are any other popular scripts or dependencies that plugins or themes use that could end up in the same situation?
I only got into WordPress this fall and was absolutely lucky when I signed up for Elegant Themes just a few days after this vulnerability had been corrected!
Instead of shaking me, however, this incident has only made me feel all the better about having chosen WordPress for my sites. Thus, I’m not too concerned about any other security holes in the many plugins and themes available. May the WordPress community continue to mature in security, usability, and functionality!