25 Jun 2014
A new exploit that affects XxxxXxxxx (the img.php script that we use in our themes) was disclosed today.
First, we want to put emphasis on the fact that the alleged vulnerability is not true for Themify themes, since there are a number of factors that would have to be set plus a few modules enabled in your server for the exploit to become a viable one. Basically, you were never in danger.
To be cautious, we have taken immediate actions to remove all the code that, under the most pessimistic assumption, could lead to an exploit and have released an update. All Themify users are recommended to upgrade the themes.
You can read the changelog here, which includes some technical details.