This is pretty old news, but I keep finding myself delousing hacked WordPress installs, so it definitely bears repeating!
TimThumb is a pretty cool script that provides on-the-fly cropping and resizing of images. It is cool enough that it has been included in a large number of WordPress plugins and themes (both free and paid). Unfortunately, it has a serious vulnerability that lets attackers upload or modify PHP scripts on your server. That, in turn, gives them the ability to do just about anything they want.
Millions of WordPress installs are at risk from this issue, which raises the big question: how do I know if I have a problem? Fortunately, Peter over at Code Garage made it easy: there is now a plugin which scans your install and tells you whether or not you are vulnerable.
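To give a feel for what such a scan does under the hood, here is a small Python example I am adding to this post. It is my own illustration, not the Code Garage plugin's code and not TimThumb's. It assumes three things: that bundled copies of the script are named `timthumb.php` or `thumb.php` (themes sometimes rename it, so extend the set), that each copy declares its release as a PHP constant of the form `define('VERSION', '...')`, and that releases below an assumed threshold of 2.0 should be reported. It walks a WordPress tree, lists every copy it finds with its version, and flags old or unversioned copies for follow-up; the sample tree it scans is constructed inside the script.

```python
import os
import re
import tempfile

# File names under which TimThumb commonly ships inside themes and plugins
# (assumption: renamed copies exist in the wild, so extend this set as needed).
TIMTHUMB_FILENAMES = {"timthumb.php", "thumb.php"}

# Assumption: each copy declares its release as a PHP constant,
# e.g.  define ('VERSION', '2.8.14');
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9][0-9.]*)['"]\s*\)"""
)

# Assumed threshold: copies older than this are reported as vulnerable.
MIN_SAFE_VERSION = (2, 0)


def parse_version(text):
    """Turn a dotted version string such as '1.32' or '2.8.14' into a comparable tuple."""
    return tuple(int(part) for part in text.strip(".").split("."))


def inspect_timthumb_file(path):
    """Return the version tuple declared in a TimThumb copy, or None if no constant is found."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        match = VERSION_RE.search(fh.read())
    return parse_version(match.group(1)) if match else None


def scan_timthumb(root, min_safe=MIN_SAFE_VERSION):
    """Walk a WordPress tree and report every TimThumb copy with its status.

    Each finding is a dict with keys: path (relative to root, '/'-separated),
    version (tuple or None) and vulnerable (bool). A copy without a recognizable
    VERSION constant is flagged as well: an unknown version cannot be assumed safe.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower() not in TIMTHUMB_FILENAMES:
                continue
            path = os.path.join(dirpath, name)
            version = inspect_timthumb_file(path)
            findings.append({
                "path": os.path.relpath(path, root).replace(os.sep, "/"),
                "version": version,
                "vulnerable": version is None or version < min_safe,
            })
    findings.sort(key=lambda finding: finding["path"])
    return findings


def make_sample_install():
    """Build a constructed, WordPress-like directory tree for the demo (not real theme code)."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    samples = {
        "wp-content/themes/old-theme/timthumb.php": "<?php\ndefine ('VERSION', '1.32');\n",
        "wp-content/themes/new-theme/scripts/thumb.php": "<?php\ndefine('VERSION', '2.8.14');\n",
        "wp-content/plugins/mystery/timthumb.php": "<?php\n// no VERSION constant here\n",
        "wp-content/themes/new-theme/index.php": "<?php // unrelated file, must be ignored\n",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    # Point scan_timthumb() at a real document root to check a live install.
    sample_root = make_sample_install()
    for finding in scan_timthumb(sample_root):
        status = "VULNERABLE" if finding["vulnerable"] else "ok"
        print(f"{status:10s} {finding['version']}  {finding['path']}")
```

Run against the constructed tree, the old theme copy and the unversioned plugin copy are reported as vulnerable while the 2.8.14 copy passes; the unrelated `index.php` is never touched. Flagging copies with no version constant is deliberate: a modified or unrecognized copy deserves a manual look rather than a clean bill of health.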
I highly recommend that every WordPress blog owner take this simple action right away: installing and running the plugin is considerably easier than recovering from a hacked install.