We notify all of our customers of a security update of the third party plugin “Display Widgets” used by some of our themes as a recommended plugin to immediately update this plugin due to a possible malware detection in the files of “Display Widgets” plugin ( see full investigation here ).
Safe (clean) versions of this plugin:
- pre-version 2.0.5
- or the latest version 2.7
Any other version you have installed please update it urgently.
Note: if you have already updated (or attempted to update) this plugin to the latest version (2.7) but the update notification keeps appearing in your WordPress plugins admin page – that means you have already secured your site and you have the clean (safe) version of the plugin installed.
If this is what you see on your site then no further actions needed.
UPDATE 2020: The Display Widgets plugin is no longer available. Please use Jetpack Visibility options or the “Widget Options” free plugin https://wordpress.org/plugins/widget-options/ instead.
2 thoughts on “Security update for Display Widgets (third party) plugin”
Where can i find now this plugin ?
You can no longer download this plugin as the official WordPress theme had removed it from the plugin repository.
See their comment here:
“The plugin team has released version 2.7 of Display Widgets.
This is a CLEAN version and is the same as version 2.0.5. You may safely upgrade.
We will be leaving this version deploying updates, however at this time we will NOT be allowing for it’s adoption. The second owner has effectively destroyed any trust a person might have in the plugin.
Note: You CANNOT visit the page or download it as a new plugin for a reason. This plugin is done. It’s not supported, it’s not worked on, nothing. So if you have it, upgrade. Otherwise, find something else to use.”