4. “wordpress.org”
■ WordPress › Support » Google issuing warnings about WP site: “content from counter-wordpress.com”?
■ WordPress › Support » [TimThumb Vulnerability] iframe hack
“timthumb.php”
■ timthumb – image crop zoom resize management – Google Project Hosting
■ WPZOOM Support Forum – View topic – [Updated] IMPORTANT Security Fix
5. Make sure this constant is set to false:
define( 'ALLOW_EXTERNAL', false );
Before:
$allowedSites = array (
    'flickr.com',
    'picasa.com',
    'img.youtube.com',
    'upload.wikimedia.org',
);
After:
$allowedSites = array();
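An added example, not from the original page or the TimThumb project: a small Python audit that reads a timthumb.php source and reports whether it is still in the "Before" state or already in the "After" state shown above. The sample inputs are constructed, and the constant and variable names are the ones on this page, so a copy that names them differently needs the patterns adjusted.

```python
import re
import sys
from pathlib import Path

# Constructed sample: the "Before" list above, with external fetching enabled.
SAMPLE_BEFORE = """<?php
define( 'ALLOW_EXTERNAL', true );
$allowedSites = array (
    'flickr.com', 'picasa.com', 'img.youtube.com', 'upload.wikimedia.org',
);
"""

# Constructed sample: the hardened "After" state.
SAMPLE_AFTER = """<?php
define( 'ALLOW_EXTERNAL', false );
$allowedSites = array();
"""

# Assumption: the file uses the constant and variable names shown on this page.
DEFINE_RE = re.compile(r"define\s*\(\s*['\"]ALLOW_EXTERNAL['\"]\s*,\s*([^)\s]+)\s*\)", re.I)
SITES_RE = re.compile(r"\$allowedSites\s*=\s*array\s*\((.*?)\)\s*;", re.S)
HOST_RE = re.compile(r"['\"]([^'\"]+)['\"]")


def strip_comments(src):
    """Drop block comments and whole-line // or # comments so disabled code is ignored."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"^\s*(//|#).*$", "", src, flags=re.M)


def audit_timthumb(src):
    """Return a list of findings; an empty list means both settings are hardened."""
    src = strip_comments(src)
    findings = []
    values = [m.group(1).lower() for m in DEFINE_RE.finditer(src)]
    if not values:
        findings.append("no ALLOW_EXTERNAL define found")
    elif any(v not in ("false", "0") for v in values):
        findings.append("ALLOW_EXTERNAL is not false")
    for m in SITES_RE.finditer(src):
        hosts = HOST_RE.findall(m.group(1))
        if hosts:
            findings.append("$allowedSites is not empty: " + ", ".join(hosts))
    return findings


if __name__ == "__main__":
    for path in Path(sys.argv[1] if len(sys.argv) > 1 else ".").rglob("timthumb.php"):
        for finding in audit_timthumb(path.read_text(errors="replace")):
            print(f"{path}: {finding}")
```

Run as a script with a WordPress root as the first argument, it checks every timthumb.php beneath that directory and prints one line per finding.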
Theme and plugin authors should use the built-in WordPress functions such as add_image_size to resize images.
Vulnerability Found in timthumb.php | VaultPress Blog