Remove WordPress Social Media Widget Plugin; the plugin injects spam into your website
If you are using the plugin Social Media Widget (social-media-widget), make sure to remove it asap from your web site. We discovered it is being used to inject spam into web sites and the plugin was just removed from the WordPress Plugin repository.
This is a very popular plugin with more than 900,000 downloads. So it is likely affecting a lot of web sites.
Read on @SucuriBlog:
My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.
A cheat-sheet for password crackers
Windows privilege escalation guide
List all SPNs used in your Active Directory
Important note about Windows Update KB4056892
Help Net Security reviewed Acunetix 11
3 Important security measurements for Windows Server & IIS