Plugin installed that wa not caught by even your free scanner (which is usually very good).
Plugin “name”: injectbody/injectsrc
I found this after a site started redirecting users to a scam support page. However, Wordfence “high sensitivity” scan didn’t detect it. Has anyone else seen this and any ideas on where else could this be lurking? I can’t seem to find it anywhere else. Sucuri is still seeing the payload, but, Wordfence still does not see it.
Thanks,
HMS Products