Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Plugin Display Widgets Spam Links Injection (2.6.3.1) - Vulnerability Database

WordPress Plugin Display Widgets Spam Links Injection (2.6.3.1)

Description

WordPress Plugin Display Widgets is injecting spam links into the website's content, thus publicizing external websites to search engines without the authorization of the website's owner. WordPress Plugin Display Widgets version 2.6.3.1 is vulnerable; prior versions may also be affected.

Remediation

Disable the plugin until a fix is available

References

https://stallion-theme.co.uk/display-widgets-plugin-review/
https://www.pluginvulnerabilities.com/2017/09/11/wordpress-poor-handling-of-plugin-security-exacerbates-malicious-takeover-of-display-widgets/
https://wordpress.org/support/topic/display-widgets-plugin-v2-6-3-1-includes-hacking-code/
https://wordpress.org/support/topic/display-widget-inserted-spammy-links/
https://wordpress.org/support/topic/payday-loans-seo-spam/
https://www.pluginvulnerabilities.com/2017/09/12/more-of-wordpress-poor-handling-of-plugin-security-as-seen-through-malicious-takeover-of-display-widgets/
https://wptavern.com/display-widgets-plugin-permanently-removed-from-wordpress-org-due-to-malicious-code

Related Vulnerabilities

Apache httpOnly cookie disclosure Medium
Common tags: Missing Update
WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.17) High
Common tags: Missing Update
WordPress 5.5.x Multiple Vulnerabilities (5.5 - 5.5.13) High
Common tags: Missing Update
WordPress 5.5.x Directory Traversal (5.5 - 5.5.14) High
Common tags: Missing Update
WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.14) High
Common tags: Missing Update

Severity

High

Classification

CWE-610
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update