A zero-day vulnerability is being actively exploited in the TimThumb image resizing utility for WordPress sites.

"Mark Maunder, CEO of Seattle-based technology firm Feedjit, discovered the flaw after his own blog was hacked to load advertising content, Maunder wrote in a blog post Monday," writes SC Magazine's Angela Moscaritolo. "He ended up tracing the issue back to TimThumb, which he uses on his blog."

"As a result of the flaw, an attacker could upload files and execute code on an affected site without the owner's permission," Moscaritolo writes. "The latest version of the utility, TimThumb 1.33, is affected by the issue. Its developer, Ben Gillbanks, is working on a fix after his own site also was hacked using the same method, Maunder said."

Go to "Zero-day flaw affects popular WordPress image utility" to read the details.
