If you’re one of the 900,000+ WordPress users who installed and activated the popular Social Media Widget plugin (social-media-widget) this year, you’ll probably be surprised to learn that the widget was pulled from the WordPress directory earlier this week.
Malicious code that injects spam into the WordPress site hosting the plugin was discovered in the 4.0 version of Social Media Widget, released at the end of March.
WordPress officials are urging users to remove the plugin immediately and advise site owners to seek out alternative solutions for connecting visitors to social media outlets.
Thankfully, alternatives like the Acurax Social Media Widget and Floating Social Media Icon provide high-quality services and aesthetically pleasing icons, so site owners can easily switch over without sacrificing much in the way of design. Both plugins are available for free in the WordPress directory.
By Michelle Robertson