WordPress Display Widgets Plugin found to be Malicious

September 13, 2017

The plugin "Display Widgets" for WordPress allowed users to display and hide certain widgets when certain conditions were met such as when a 404 code was returned or a post was in a specific category. However the plugin has recently found to have malicious code found hidden in its files.

This malicious code was added by the author of the plugin. This was because the ownership of the plugin had recently swapped hands from previous owners, Formidable Forms, and was bought by the new author for purely malicious purposes. The malicious code allowed the author to add and remove content on the site without the site owner knowing, which was abused to produce spam content.

How can this affect you? The plugin was installed on over 200,000 WordPress sites and has been strongly recommended by Formidable Forms that you either update to the non-compromised 2.7 version of the plugin or you completely remove the plugin from your site immediately.

Need help with your next development project? Let’s talk.

Get in touch