0Day Vulnerability in WordPress themes
timthumb.php, an image-resizing utility bundled with many WordPress themes, is vulnerable to remote loading of arbitrary PHP code.
Its configuration lists several domains from which it is allowed to fetch images:
- flickr.com
- picasa.com
- blogger.com
- wordpress.com
- img.youtube.com
- upload.wikimedia.org
- photobucket.com
Because this allowed-domain check is not properly validated, it is possible to load a PHP shell onto the target WordPress blog. In other words, timthumb.php treats a link such as blogger.com.hackersite.com/webshell.php as legitimate and fetches the script onto the server.
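The following is an added example, not code from timthumb.php or its author, showing why an allowed-domain check based on a substring match is bypassed by a host like blogger.com.hackersite.com, and what a strict host comparison looks like instead. The allowed-site list is the one quoted above; the weak check is an illustrative pattern rather than a verbatim copy of the vulnerable script, and the test URLs (including the hackersite.com hostname) are constructed for the demonstration.

```php
<?php
// Added example (not timthumb.php's own code). Compares a substring-based
// allowed-domain check with a strict host check. The allowed-site list is
// the one from the post; the sample URLs below are constructed.

$allowedSites = [
    'flickr.com', 'picasa.com', 'blogger.com', 'wordpress.com',
    'img.youtube.com', 'upload.wikimedia.org', 'photobucket.com',
];

// Weak check (illustrative of the vulnerable pattern, not a verbatim copy):
// any URL that merely *contains* an allowed domain string passes, so the
// allowed name can sit in a spoofed hostname, the path or the query string.
function isAllowedWeak(string $src, array $allowedSites): bool
{
    foreach ($allowedSites as $site) {
        if (strpos(strtolower($src), strtolower($site)) !== false) {
            return true;
        }
    }
    return false;
}

// Strict check: parse the URL, look only at the host component, require an
// http/https scheme, and accept the host only if it equals an allowed domain
// or is a subdomain of one on a label boundary (e.g. "farm1.flickr.com").
function isAllowedStrict(string $src, array $allowedSites): bool
{
    $parts = parse_url($src);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Normalise case and strip a trailing dot (FQDN form) before comparing.
    $host = strtolower(rtrim($parts['host'], '.'));
    foreach ($allowedSites as $site) {
        $site = strtolower($site);
        if ($host === $site) {
            return true;
        }
        // Suffix match must start at a label boundary: ".flickr.com", never "xflickr.com".
        $suffix = '.' . $site;
        if (strlen($host) > strlen($suffix)
            && substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample inputs: one legitimate image URL, the host-spoofing
// form described in the post, and a URL that only mentions an allowed
// domain in its query string.
$samples = [
    'http://farm1.flickr.com/1234/photo.jpg',
    'http://blogger.com.hackersite.com/webshell.php',
    'http://hackersite.com/x.php?u=picasa.com',
];

foreach ($samples as $url) {
    printf("%-50s weak=%s strict=%s\n", $url,
        isAllowedWeak($url, $allowedSites) ? 'allow' : 'deny',
        isAllowedStrict($url, $allowedSites) ? 'allow' : 'deny');
}
```

Run with `php example.php`: the weak check allows all three URLs because each contains an allowed domain string somewhere, while the strict check allows only the first, since the other two resolve to a host that is neither an allowed domain nor a subdomain of one. Host validation on its own is only one control; a fetcher like this should also verify that what it downloaded is actually an image before writing it anywhere a web server could execute it.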
The vulnerability was found by Mark Maunder after his own blog was hacked.
P.S. You can download a patched version here: patched timthumb.php
