I do believe there may be a zero-day exploit “not yet noted by the current WordPress related malware scanning sites or plugins” within the YellowPencil – Visual CSS Style Editor.
If you are using this plugin on your site, I do recommend at least peeking in to verify you are running the latest version or remove it if not required. This plugin may be used to inject a redirect into your database.
3rd party verification as well, from Kinsta.com
There is a vulnerability on the plugin which is allowing 3rd parties to change the Site URL and Home URL by doing an unauthenticated SQL injection. We in Kinsta contacted them about this too and they are working on an update. As a precaution, I assume the closed the plugin so no one can download it and get infected until they release a new version.
This plugin was closed on April 8, 2019 and is no longer available for download. Link to plugin below:
Other related keywords: destinywall, hellofromhony, yuzo related post, yellowpencil