Description
WordPress Plugin Social Media Widget contains a hidden call to i.aaur.net/i.php, which is used to inject payday loan spam into websites running the plugin. Version 4.0 of the plugin is vulnerable; other versions may also be affected.
Remediation
Update the plugin to version 4.0.2 or the latest version.
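To confirm that an installed copy is both updated and free of the call described above, the following added example (not code from the plugin or from this advisory's source) reads the plugin header version and searches the plugin's files for the host named in the description. It assumes the host appears literally in the source files; the default directory is the standard WordPress plugin path for the slug in the changelog URL, and the sample file written by write_sample is constructed for demonstration.

```python
import os
import re
import sys

INDICATOR = "i.aaur.net"   # host named in this advisory
FIXED_VERSION = (4, 0, 2)  # first fixed release per this advisory

def header_version(text):
    """Parse the 'Version:' field of a WordPress plugin header comment."""
    m = re.search(r"^[ \t*#/]*Version:[ \t]*(\d+(?:\.\d+)*)", text, re.M | re.I)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def audit_plugin(plugin_dir):
    """Return (version, outdated, hits); hits are (relative path, line number)."""
    version, hits = None, []
    for root, _dirs, files in os.walk(plugin_dir):
        for name in sorted(files):
            if not name.lower().endswith((".php", ".js", ".inc")):
                continue
            path = os.path.join(root, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            if version is None and name.lower().endswith(".php"):
                version = header_version(text)
            for lineno, line in enumerate(text.splitlines(), 1):
                if INDICATOR in line.lower():
                    hits.append((os.path.relpath(path, plugin_dir), lineno))
    outdated = version is not None and version < FIXED_VERSION
    return version, outdated, hits

def write_sample(plugin_dir, version, with_call):
    """Write a constructed plugin file for demonstration; not the real plugin code."""
    body = "$u = 'http://i.aaur.net/i.php';\n" if with_call else "$u = '';\n"
    with open(os.path.join(plugin_dir, "social-media-widget.php"), "w") as fh:
        fh.write("<?php\n/*\nPlugin Name: Social Media Widget\n"
                 f"Version: {version}\n*/\n{body}")

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins/social-media-widget"
    version, outdated, hits = audit_plugin(target)
    print("version:", version, "outdated:", outdated)
    for rel, lineno in hits:
        print(f"indicator {INDICATOR} at {rel}:{lineno}")
    sys.exit(1 if outdated or hits else 0)
```

A non-zero exit status means the copy is older than 4.0.2 or still references the host, so the script can gate a deployment or run from a scheduled integrity check.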
References
https://blog.sucuri.net/2013/04/wordpress-plugin-social-media-widget.html
http://www.openwall.com/lists/oss-security/2013/04/14/1
https://wordpress.org/plugins/social-media-widget/changelog/