Description
WordPress Plugin Social Media Widget has a hidden call to i.aaur.net/i.php, which is used to inject Pay Day Loan spam into the web sites running the plugin. WordPress Plugin Social Media Widget version 4.0 is vulnerable; other versions may also be affected.
Remediation
Update to plugin version 4.0.2 or latest
References
https://blog.sucuri.net/2013/04/wordpress-plugin-social-media-widget.html
http://www.openwall.com/lists/oss-security/2013/04/14/1
https://wordpress.org/plugins/social-media-widget/changelog/
Related Vulnerabilities
WordPress Plugin Parcel Tracker eCourier Cross-Site Request Forgery (1.0.1)
WordPress Plugin Brizy-Page Builder Arbitrary File Upload (2.4.44)
MySQL CVE-2019-2434 Vulnerability (CVE-2019-2434)
MySQL CVE-2021-2020 Vulnerability (CVE-2021-2020)
WordPress Plugin YaySMTP-Simple WP SMTP Mail Information Disclosure (2.2)