Description
WordPress Plugin Digital Climate Strike WP is prone to malicious redirects. Attackers may leverage this issue to promote spam, distribute malware/backdoors, or to perform all kinds of malicious activities. WordPress Plugin Digital Climate Strike WP version 1.0.0 is vulnerable.
Remediation
Disable the plugin until a fix is available
References
https://wordpress.org/support/topic/plugin-loads-compromised-asset/
https://wordpress.org/plugins/digital-climate-strike-wp/#description
Related Vulnerabilities
Oracle JRE CVE-2013-0424 Vulnerability (CVE-2013-0424)
Jenkins Improper Handling of Inconsistent Structural Elements Vulnerability (CVE-2021-21640)
WordPress Plugin xPinner Lite Multiple Vulnerabilities (2.2)
Oracle Database Server CVE-2014-4289 Vulnerability (CVE-2014-4289)
PHP Improper Input Validation Vulnerability (CVE-2016-10397)