One question
Is this timthumb thing part of every wordpress install, or is it a plugin (the word extension is used in the article) that you have to install yourself. The idea that masses of WP sites are exposed implies to me that it's part of wordpress by default?