The timthumb.php image-resizing utility, bundled with many WordPress themes, is vulnerable to loading of arbitrary PHP code.
Its configuration script contains a list of several domains from which it is allowed to fetch images:
Because that list is not validated properly, a PHP shell can be loaded onto the target WordPress blog. In other words, timthumb.php treats a link such as blogger.com.hackersite.com/webshell.php as legitimate and allows the script to be fetched to the server.
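The flaw is a substring match on the allowed-domain list, which a host that merely contains an allowed name satisfies. The following is an added example, not timthumb's own code: a weak check in that style next to a hardened one that parses the URL and compares the host exactly (the allow list and test URLs are constructed samples).

```php
<?php
// Added illustration, not timthumb's code. The allow list is a constructed sample.
$allowedSites = ['blogger.com', 'flickr.com'];

// Weak check in the style of the vulnerable pattern: accepts any URL whose
// string contains an allowed domain anywhere, including inside a longer host.
function isAllowedWeak(string $url, array $allowed): bool {
    foreach ($allowed as $site) {
        if (stripos($url, $site) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened check: parse the URL, require http(s), and compare the host
// exactly (or as a genuine subdomain) against the allow list. Needs PHP 8
// for str_ends_with().
function isAllowedStrict(string $url, array $allowed): bool {
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true)) {
        return false;
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    foreach ($allowed as $site) {
        $site = strtolower($site);
        if ($host === $site || str_ends_with($host, '.' . $site)) {
            return true;
        }
    }
    return false;
}

// Constructed test URLs: two legitimate ones and the look-alike host from the post.
$tests = [
    'http://blogger.com/photo.jpg',                   // weak=allow strict=allow
    'http://img.blogger.com/photo.jpg',               // weak=allow strict=allow
    'http://blogger.com.hackersite.com/webshell.php', // weak=allow strict=deny
];
foreach ($tests as $url) {
    printf("%-50s weak=%s strict=%s\n", $url,
        isAllowedWeak($url, $allowedSites) ? 'allow' : 'deny',
        isAllowedStrict($url, $allowedSites) ? 'allow' : 'deny');
}
```

Even the strict check admits every subdomain of an allowed site, so if the list names a hosting provider where anyone can register a subdomain, tighten it to exact hosts you control.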
The vulnerability was found by Mark Maunder after his own blog was hacked.
P.S. You can download the patched version from here: patched timthumb.php