The plugin called display widgets has a piece of malicious code inserted in it.

Sadly this code is purposeful and is actually being updated by the new plugin owners.

This plugin has been removed by the WordPress repository repeatedly and after updates has been restored. Up and down in the repository 4 times in recent months.

The malicious code is still in place even after all the updates.

This clever code shows your readers spam. Logged in users will not see what is being displayed to their non-logged in users.

So, if you are using the plugin "Display Widgets" remove it immediately from your site.

Nuff said.

Join the Discussion
Write something…
Recent messages
AfqmBiz Premium
Thanks for the info. I found out recently, not only on certain plugins but other stuff that long we can say is away from malicious effect is also developing, evolving, and adopting a bit of added: "stuff maliciously".

Monetization is so tempting exercise nowadays, I think.
Reply
Opprotunity Premium
Thanks Craig
Reply
DianneWB52 Premium
Hi Craig,

Thanks for the information. Does anyone know if Widget Options has a problem?

Dianne
Reply
Labman Premium
I haven't heard of any issues with that one.
Reply
DianneWB52 Premium
Hi Craig,

Thank you for answering.

Dianne
Reply
KeithMaki Premium
Thanks for the warning Robert!
Reply
Sforza2004 Premium
Thank you for your heads up on this. Robert
Reply
1816sspi Premium
Thanks for the wrning.
Reply
Creasean Premium
I've yet to reach that point. However, I'll take heed.Thanks.
Reply
kdforsman Premium
That's terrible,!
Reply
Skydancer1 Premium
Thanks for the heads up, I do not use it but it is still good to let people know what is up on stuff like this.

Good Job
Reply
shirian Premium
Thanks Labman for share and inform us this important issue!
Reply
KarenDemers Premium
Thanks for the heads up!
Reply
CDeMoss1 Premium
Thank you for sharing.
Reply
sheikave Premium
thank you for the alert.
Reply
Anandhijohn Premium
Hi,
Thanks for sharing and caring.
Reply
shashe Premium
Thank you, Labman! s
Reply
KMeyer Premium
Thanks for sharing
Reply
Donnie58 Premium
Thanks for the heads up, Craig!
Reply
phildora Premium
Labman, thanks for the heads up.
Reply
RandyL1 Premium
Good to know, thanks.

Randy
Reply
Loes Premium
Thanks for informing us, Craig, I luckily don't use it.
Reply
tommo1968 Premium
Thanks Craig, wasn't on my list but good to know.
Reply
larryturnage Premium
Thanks for the alert .
Reply
Wayne66 Premium
Don't have that plugin but thanks for the alert. I will be sure not to use it.
Reply
BradBurns Premium
Thanks Labman
Reply
judLie Premium
Thanks for the warning, Labman! Much appreciated.
Reply
mybiz4u Premium
Thnx, C. Appreciate it.
M
Reply
DarleneB Premium
Thanks for the warning
Reply
billybons Premium
Thanks, Craig!
Reply
MichaelGB Premium
Thanks for tat...done.
Reply
Rae-1965 Premium
Thanks for the heads up
Reply
DaveSw Premium
Thanks for the heads up!
Reply
Mike-Writes Premium
Thanks for the warning!
Reply
VeronicasLuv Premium
Thanks for the warning, Craig!
Reply
WTucker1 Premium
thanks for the heads up. THis is what is so valuable about WA
Reply
KatieMac Premium
Not one I am using thankfully thank you for the alert
Reply
Memorylaneuk Premium
Thank you for warning us.
With Grace and Gratitude
Karen
Reply
Gchaves Premium
Thanks Craig
Reply
JeanL Premium
Thanks for the warning!
Reply
terrycarroll Premium
Excellent advice Craig. Many thanks

Terry
Reply
Elbert1 Premium
Thank you for the information.

I really appreciate the heads-up!

Bert
Reply
ElianeLima Premium
Thanks for letting us know!
Reply
MCrim Premium
Good to know. Thanks!!

mitch
Reply
munazira Premium
Thanks as I did not install anything other than told in trainings.
Reply
drcmaint Premium
Thanks.
Reply
PaulaKeen Premium
Thanks Craig, for this update! Much appreciated.
Reply
GApt Premium
Awesome advice thank, you so much!
Reply
mikewood1975 Premium
Thank you for this information.
Reply
rtr7 Premium
Thanks for the heads up.
Reply
bigrog44 Premium
Thanks for the heads up. I have to update my plug insurance on both of my websites.
Reply
Dmorrow Premium
Thanks so much for the heads up!
Reply
JIllW Premium
Thank you
Reply
Fmarabate Premium
Thanks. Glad I am not using it.
Reply
SteveCrozza Premium
thank you
Reply
Nick-at-WA Premium
Thanks for the alert
Reply
DKMade Premium
Labman, truly mans best friend. Thanks for the heads up.
Reply
TFerguson1 Premium
Hi and thank you for the information.
Reply
UKMerchant Premium
Thanks for the warning!
Reply
mergie1 Premium
Thanks for the warning.
Reply
MKearns Premium
Glad I don't have it. Have enough trouble keeping Pi's and widgets apart!
Reply
Prinz Premium
Wow! I have that plugin installed on one of my websites. Actually, I haven't updated that website since December 2016, but I'll sign in today to remove it. Thanks a lot for highlighting this.
Reply
JamesJB Premium
It's worrying how such Plugins manage to infiltrate the WordPress repository.

Is there a way we can have these checked out before they are installed on our website?
Reply
wozzy Premium
Thanks for highlighting this, Mick
Reply
AltheaKerr Premium
Thanks for the warning!
Reply
JohnProbert1 Premium
Thanks Labman, Will be looking out for this one
Reply
Jaunesk Premium
Thanks
Reply
robin Premium
Thanks Craig great info.
Reply
MoniArora Premium
Thank you for sharing the info Craig..
Reply
TammiP Premium
Thanks for the alert Craig. I will be on the lookout.

T
Reply
bryanb007 Premium
Thanks Craig. As I read this, I am currently trying to find the source of a flood of Spam mail. This type of thing is most annoying, to say the least.
Bryanb
Reply
Gordon-D Premium
Do you know who the author is Craig?
Reply
Labman Premium
Not even the security folks can discern this.
Reply
Gordon-D Premium
Thanks, then it probably isn't the one I'm using
Reply
ContentBySue Premium
Thank you for the heads-up.
Reply
Tjennings122 Premium
Thank you for sharing this info. Will keep an eye out.
Reply
bjdluna Premium
Thanks for the Warning!
Reply
PediaDar Premium
Thanks for the advice :)
Reply
accad Premium
I haven't encountered yet but thanks for the warning.
Reply
rene4me Premium
Thank you:)
Reply
AlexEvans Premium
Thank you for sharing Craig, don't use it but will share it on. Getting the heads up on stuff like this is just another WA positive.
Reply
spurway Premium
Thanks for the info and warning.
Reply
pablocortina Premium
Thank you for this info
Reply
Lazyblogger Premium
Thank you for the information, fortunately, I am not a user but will pass this around to my Network. Take care.
Reply
HelenpDoyle Premium
Hi Craig, couldn't find it so assume (whoops) it has been removed.
Reply