The plugin called display widgets has a piece of malicious code inserted in it.
Sadly this code is purposeful and is actually being updated by the new plugin owners.
This plugin has been removed by the WordPress repository repeatedly and after updates has been restored. Up and down in the repository 4 times in recent months.
The malicious code is still in place even after all the updates.
This clever code shows your readers spam. Logged in users will not see what is being displayed to their non-logged in users.
So, if you are using the plugin "Display Widgets" remove it immediately from your site.