Remote Code Execution 0 Day Vulnerability In Timthumb S Webshot Feature Leaves Wordpress Users At Risk Techworm

Timthumb comes with the webshot option disabled by default, so only those wordpress users who have enabled WebShot feature are vulnerable to this attack.If you are using the plugin on your website, you should disable the option to prevent the misuse.Open your TimThumb file inside the theme or plugin and search for “WEBSHOT_ENABLED” and set it to false. More details about the vulnerability can be seen at Cxsecurity