YellowPencil WordPress Plugin Vulnerability is largely exploited – Attacker.NET : Server Management & Security, Website Malware Removal & Website Security

Any versions below 7.2.0 is vulnerable to this security issue and is likely hacked.

Hackers are exploiting it and injecting their malicious javascripts into files and database mainly in the “siteurl” and “home” rows in your wp_options table to cause redirects to other malicious websites such as:

hellofromhony[.]com
hellofromhony[.]org
destinywall[.]org
clevertrafficincome[.]com
notifymepush[.]info
pushmeandtouchme[.]info
click.newsfeed[.]support
visnu[.]icu
premium-mobile[.]info
plutonium[.]icu
monitornotifyfriends[.]info
notifymepush[.]info

And many others.

Signup and Try our malware removal service and let’s clean & protect your websites!

You can check your website securityby using this website malware scanner

https://scan.attacker.net

**Update: They released a fix: https://yellowpencil.waspthemes.com/docs/important-security-update/