According to Sucuri Security, the malicious code that calls the URL hxxp://i.aaur.net/i.php to inject “Pay Day Loan” spam links into affected websites was added in version 4.0 of the plugin, which was released about 2 weeks ago.
A thread on the plugin’s support forums reveals that the compromise was the result of the owner trusting the wrong developer.
The Social Media Widget plugin was removed from the WordPress Plugin repository after it was found to have been tampered with, but has since been reinstated following removal of the bad code in version 4.0.1.
However, the plugin is quite popular, and there’s no telling how many of the roughly 900k websites on which it had already been installed are still at risk.
If you have the Social Media Widget plugin installed on your WordPress website, it is strongly advised that you:
- Update or remove the plugin immediately.
- Run your site through Sucuri’s SiteCheck scanner (free) to verify that your website is clean.
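A defender-side check for the two steps above, added here as an example and not code from the post, from Sucuri, or from the plugin: it reads the installed plugin’s version header, flags anything below the fixed 4.0.1 release, and searches the plugins tree for the i.aaur.net host that the injected code calls. The directory name social-media-widget and the constructed sample files are assumptions.

```python
import os
import re
import tempfile

INDICATOR_HOST = "i.aaur.net"        # host the injected code calls, from the post
FIXED_VERSION = "4.0.1"              # release with the bad code removed
PLUGIN_SLUG = "social-media-widget"  # assumed directory name under wp-content/plugins
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([\d.]+)", re.M)

def parse_version(text):  # '4.0.1' -> (4, 0, 1) so releases compare numerically
    return tuple(int(p) for p in re.findall(r"\d+", text))

def plugin_version(plugin_dir):
    """Read the 'Version:' field from the plugin's main PHP header comment."""
    for name in sorted(os.listdir(plugin_dir)):
        if name.endswith(".php"):
            with open(os.path.join(plugin_dir, name), errors="replace") as fh:
                m = VERSION_RE.search(fh.read(8192))
            if m:
                return m.group(1)
    return None

def find_indicator(plugins_root):
    """List files under plugins_root that reference the indicator host."""
    hits = []
    for dirpath, _, files in os.walk(plugins_root):
        for name in files:
            if name.endswith((".php", ".js", ".html")):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    if INDICATOR_HOST.encode() in fh.read():
                        hits.append(os.path.relpath(path, plugins_root))
    return sorted(hits)

def assess(plugins_root):
    """Installed version, whether it is below the fixed release, and IoC hits."""
    plugin_dir = os.path.join(plugins_root, PLUGIN_SLUG)
    version = plugin_version(plugin_dir) if os.path.isdir(plugin_dir) else None
    outdated = version is not None and parse_version(version) < parse_version(FIXED_VERSION)
    return {"version": version, "needs_update": outdated,
            "indicator_hits": find_indicator(plugins_root)}

def build_fixture():
    """Constructed sample plugins dir: a fake 4.0 install that calls the host."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, PLUGIN_SLUG))
    with open(os.path.join(root, PLUGIN_SLUG, "social-widget.php"), "w") as fh:
        fh.write("<?php\n/*\nPlugin Name: Social Media Widget\nVersion: 4.0\n*/\n"
                 "$x = @file_get_contents('http://i.aaur.net/i.php'); // constructed stand-in\n")
    return root
```

Run `assess("/path/to/wp-content/plugins")` against a real install; `build_fixture()` only exists so the check can be exercised offline.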