I’ve been using Display Widgets for years. Upgraded continuesly aside from the last version.
The only way I could see something was up when I click to see “details”. Then I saw the plugin had been deleted. I figured something was wrong. Googles, got to wordfence then your site.
WP Plugin team have a real issue here. Merely deleting the plugin form the repository will do nothing for anyone currently with it. Only make the spam worse. A simple warning text when trying to updated it would do – I don’t think it’s complicated.
Next, thank you very much for your hard work in bringing this to fruition.
I deleted the plugin. Reinstalled version 2.5. Is that enough to ensure any malicious code has been removed?
I plan to switch over to another plugin once I know the above