Over 2,000 WordPress sites have been hacked to fuel a campaign to redirect visitors to scam sites containing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads. The hacking campaign was discovered by website security firm Sucuri who detected attackers exploiting vulnerabilities in WordPress plugins during the third week of January 2020. The vulnerabilities allow the attackers to inject JavaScript that loads scripts from admarketlocation[.]com and gotosecond2[.)com directly into the site’s theme.
Source: https://www.bleepingcomputer.com/news/security/thousands-of-wordpress-sites-hacked-to-fuel-scam-campaign/