Description
WordPress Plugin Display Widgets is injecting spam links into the website's content, thus publicizing external websites to search engines without the authorization of the website's owner. WordPress Plugin Display Widgets version 2.6.3.1 is vulnerable; prior versions may also be affected.
Remediation
Disable the plugin until a fix is available
References
https://stallion-theme.co.uk/display-widgets-plugin-review/
https://wordpress.org/support/topic/display-widgets-plugin-v2-6-3-1-includes-hacking-code/
https://wordpress.org/support/topic/display-widget-inserted-spammy-links/
Related Vulnerabilities
WordPress Plugin UpdraftPlus WordPress Backup Multiple Vulnerabilities (1.16.58)
WordPress Plugin WordPress Download Manager Multiple Vulnerabilities (2.9.49)
WordPress Plugin Travel Management Privilege Escalation (1.5)
OpenSSL Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1473)