Over the past few months, I’ve been working with WordPress-based websites quite a lot. This includes my dad’s website. It had an issue with its thumbnail generator from day one. I decided to dig around in the thumbnail generator script. At the beginning of the script, I saw that it was named TimThumb. After doing some research on TimThumb, I found out that the version on the website was actually vulnerable. I immediately updated to the newest version. The problem still persisted, however. After a little more digging, I found troubleshooting information for TimThumb. This section of the page turned out to be the solution:
"What path are you using for your thumbnail image?
In most cases using the full path to your image should work. For example, you would input http://www.mydomain/blog/wp-content/uploads/image.gif (or whatever the path to your image is). However, some hosts do not allow the use of http://www. at the end of a URL. In this case you should use the relative path to your image, and remove your domain from the URL. In the above case, assuming your blog is hosted in the /blog/ folder, the path to your image would just be: wp-content/uploads/image.gif."
Sure enough, switching to relative paths allowed thumbnails to display.