Remove WordPress Social Media Widget Plugin; the plugin injects spam into your website
If you are using the plugin Social Media Widget (social-media-widget), make sure to remove it asap from your web site. We discovered it is being used to inject spam into web sites and the plugin was just removed from the WordPress Plugin repository.
This is a very popular plugin with more than 900,000 downloads. So it is likely affecting a lot of web sites.
Read on @SucuriBlog: