Remove WordPress Social Media Widget Plugin; the plugin injects spam into your website
If you are using the plugin Social Media Widget (social-media-widget), make sure to remove it asap from your web site. We discovered it is being used to inject spam into web sites and the plugin was just removed from the WordPress Plugin repository.
This is a very popular plugin with more than 900,000 downloads. So it is likely affecting a lot of web sites.
Read on @SucuriBlog:
If you want to step in to help me cover the costs for running this website, that would be awesome. Just use this link to donate a cup of coffee ($5 USD for example). And please share the love and help others make use of this website. Thank you very much!
My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.
Help Net Security reviewed Acunetix 11
Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
Penetration Testers’ Guide to Windows 10 Privacy & Security
Joomla! (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit
Samsung’s smart camera. A tale of IoT & network security
“How we broke PHP, hacked Pornhub and earned $20,000”