[quote cite="John Ford, Vaultpress"]“The vulnerability allows third parties to upload and execute arbitrary PHP code in the TimThumb cache directory. Once the PHP code has been uploaded and executed, your site can be compromised however the attacker likes.” [/quote]
My response to it is $%^#@! The script is built into the theme. I have edited it to prevent arbitrary file upload, but I really need to disable it altogether, and removing it breaks the theme. I don’t want to upload a new theme. I like this theme. I like the giant menu and the featured posts carousel. I like the home page layout.
:rocks back and forth:
It seems that either we can have a commercial theme with fancy bells and whistles and have problems, or we can have something very simple like hybrid, but have no security problems.