14 Nov 2013
In an effort to resolve the vulnerability issue found in the older versions of Themify framework before 1.2.2, we've released a new update which will delete the legacy file 'themify-ajax.php' and any unknown files in the theme 'uploads' folder. This update (framework 1.6.3) is intended to save your time from removing the legacy file manually as posted here. Themify users are recommended to upgrade to this version. To upgrade your theme/framework, go to the Themify option panel page and you should see the upgrade notice. After the update, please verify if the file 'themify-ajax.php' still exists by checking the file list in WP Admin > Appearance > Editor. You may also use a FTP software to check the file in 'wp-content > themes > [themify_folder] > themify' folder.
NOTE: this vulnerability issue only affects the themes installed with Themify framework version before 1.2.2, released on November 9, 2012. Even if your theme is not affected, it's recommended that you update to this new version.
REMEMBER: if you have any inactive/old Themify theme sitting on the server, download the theme(s) to your computer for backup and delete it on your server. This fix will only apply to the active Themify theme.