A critical vulnerability in the TimThumb WordPress plugin version 2.8.13 may invoke a call to ‘Webshot’. This feature would have to be enabled in order for an attacker to exploit this vulnerability.
“With a simple command, an attacker can create, remove and modify any files on your server,” says security experts at Sucuri in a blog post.
All of our current web hosting customers have had their website(s) source code reviewed. We did not find any website vulnerable to this attack.
For any questions, comments, or concerns, please open a support ticket @ http://support.forimpression.com