Many WordPress theme developers (including Main Street) have relied on a nifty little code plugin called TimThumb to resize images for WordPress themes. Yesterday a security vulnerability was discovered that allows this plugin to be used to load malicious code on your site.
Current versions of WordPress do resizing automatically, but until recently developers had to rely on plugins like TimThumb for these functions. Unfortunately, this flaw is in an incredibly popular plugin that major developers have used for years. All themes by ElegantThemes include this code.
We recommend all WordPress users verify that they are not running TimThumb on any themes installed on their site, even themes that are not active.
To determine if any of your themes use TimThumb, go to Appearance > Editor. In the list of Templates in the right column, look for a file called timthumb.php. If you have that file in your theme, it needs to be updated immediately. Be sure to check each theme installed on your site; you can use the pulldown box in the upper right corner to select each theme. Do not edit anything, because you can break your theme.
Update instructions vary based upon your theme. Contact your theme developer or Main Street if you find the timthumb.php file in your theme.
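If you have file access to the server, the same check can be run across every installed theme at once. This is an added example, not code from Main Street or the TimThumb project; it goes beyond the Editor check by also searching theme subfolders. It assumes the standard wp-content/themes layout and that timthumb.php declares its version with a `define('VERSION', ...)` line, and the theme names and files in `build_sample_tree` are constructed samples.

```python
import os
import re
import sys

# Assumption: timthumb.php declares its version as define('VERSION', '...').
VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]")

def find_timthumb(themes_dir):
    """Map each theme (active or not) to its timthumb.php copies.

    Returns {theme: [(path_relative_to_theme, version_or_None), ...]}.
    """
    findings = {}
    for theme in sorted(os.listdir(themes_dir)):
        root = os.path.join(themes_dir, theme)
        if not os.path.isdir(root):
            continue
        for dirpath, _dirs, files in os.walk(root):
            for name in sorted(files):
                if name.lower() != "timthumb.php":
                    continue
                path = os.path.join(dirpath, name)
                # Read-only: the file is inspected, never modified.
                with open(path, "r", errors="replace") as fh:
                    match = VERSION_RE.search(fh.read(65536))
                findings.setdefault(theme, []).append(
                    (os.path.relpath(path, root),
                     match.group(1) if match else None))
    return findings

def build_sample_tree(base):
    """Constructed sample themes directory (hypothetical theme names)."""
    samples = {
        "theme-a/timthumb.php": "<?php define ('VERSION', '1.0');",
        "theme-b/scripts/timthumb.php": "<?php // no version line",
        "theme-c/style.css": "/* theme without TimThumb */",
    }
    for rel, body in samples.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    # Assumption: run from the WordPress root unless a path is given.
    themes = sys.argv[1] if len(sys.argv) > 1 else "wp-content/themes"
    for theme, hits in find_timthumb(themes).items():
        for rel, version in hits:
            print(f"{theme}: {rel} (version: {version or 'unknown'})")
```

Any theme the script lists contains the file and should be treated as described in this post, whether or not the theme is active.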
This is a serious security threat and should be investigated immediately.