Mark Maunder, the developer who discovered and blogged about the TimThumb vulnerability, has himself done a full rewrite of TimThumb and forked it as WordThumb on Google Code. Everything but the original TimThumb image processing has been rewritten, Maunder says.
The full list of changes has been posted to Maunder’s blog, and the post itself mentions a handful of them. WordThumb is backward compatible with TimThumb’s options, so switching to it from TimThumb is possible. Overall it seems Maunder is attempting to further secure, and generally improve, Ben Gillbanks’s TimThumb script.
Will you try out the newly available WordThumb? Do you think those who have used TimThumb in the past, particularly WordPress theme developers, will consider WordThumb now and make the swap?