header strip image

Social Media Widget warning

Website Defender, a company specialising in website security, reported security vulnerability in one of the very popular plugins – Social Media Widget.  

If you are using the Social Media Widget plugin, make sure to remove it immediately from your website. The plugin  is being used to inject not only spam into websites, but also malicious code.

This is a very popular plugin with more than 900,000 downloads. It has the potential to impact a lot of websites. The plugin has a hidden call to this URL: httx://i.aaur.net/i.php, which is used to inject “Pay Day Loan” spam into the web sites running the plugin. 

The malicious code was added only a few days ago when they launched the version 4.0 of the plugin. So we are recommending that everyone removes that plugin immediately until we have more information.

What is really concerning about this, isn’t even the SPAM injection. That happens all the time, it’s the fact that the malicious payload found it’s way in the core files. It was then uploaded to the WordPress.org Plugin Repository and spread like wildfire to thousands of websites. The plugin has now been removed from the WordPress Plugin repository. More information on www.websitedefender.com.

We have replaced this plugin with Subscribe / Connect / Follow Widget.

Contact Details


090 975 9542

“Highly experienced in business coaching Joanna adds the invaluable qualities of a committed manager to her professional skills. She simply loves her work. Available day and night if needed in a critical moment of development or deadlines, just recently Joanna proved once again to be an outstanding business partner for me. I wonder if there is another service provider out there like her. She delivered a great website, coaching me through the pr… Read more Aglae Hagg-Thun