The plugin loads a JavaScript asset from a remote website which seems to have been compromised. The widget.js file, loaded from https://assets.digitalclimatestrike.net/widget.js, redirects users to gladdiator[dot]io and is being flagged as malicious. I've reported this to the plugin authors but have not heard anything back yet.
The PoC will be displayed once the issue has been remediated
Steve Perry
Steve Perry
No
2021-01-21 (about 2 years ago)
2021-01-21 (about 2 years ago)
2021-01-22 (about 2 years ago)