Injected scripts have a lot in common with previous WordPress attacks
https://www.bleepingcomputer.com/news/security/popular-yuzo-wordpress-plugin-exploited-to-redirect-users-to-scams/
A vulnerability in the popular WordPress plugin called Yuzo Related Posts is being targeted by attackers to inject JavaScript into the pages of the site. This JavaScript will cause visitors to be redirected to sites displaying scams, including tech support scams, and sites promoting unwanted software such as browser extensions.
On March 30th, 2019, the developer of Yuzo Related Posts removed the plugin from the WordPress plugin directory after a WordPress security company publicly disclosed the vulnerability. While this prevented new users from being infected, the 60,000+ existing installs were not notified and thus were vulnerable.