Here at Sucuri, we clean WordPress websites every day. There are various types of common malware, but when we stumble upon a different scenario, our research team likes to dig deeper and conduct a complete investigation.
A license key is a place where a webmaster might not expect to find an infection, however, in this particular case, this is where we found one.
A Spam Injector Resembling a License Key
A client opened a malware removal ticket reporting some weird spam URLs injected onto their WordPress website.
Source: Scuri check