Description
WordPress Plugin Injectbody is injecting spam into the website's content, in form of pop-ups, thus serving questionable ads to visitors without the authorization of the website's owner. WordPress Plugin Injectbody all version are vulnerable.
Remediation
Disable the plugin
References
https://blog.sucuri.net/2018/02/unwanted-popups-caused-injectbody-injectscr-plugins.html
https://wordpress.org/support/topic/wordfence-fail-didnt-find-malicious-plugin/
Related Vulnerabilities
PostgreSQL Untrusted Search Path Vulnerability (CVE-2020-14350)
WordPress Plugin The Plus Addons for Elementor Security Bypass (4.1.6)
WordPress Plugin Allow REL= and HTML in Author Bios Cross-Site Scripting (.1)
Joomla Other Vulnerability (CVE-2007-4185)
WordPress Plugin WP Frontend Profile Security Bypass (1.2.1)