I recently discovered that one of the sites I manage is redirecting to a spam site if Advanced Custom Fields plugin is activated. If deactivated, the spam redirect is gone. I’ve tried deactivating then deleting the plugin and then re-installing/activating the plugin, but the spam redirect just comes back.
Any advice on how to fix this? Surely the plugin hasn’t been compromised. Any advice on where to look if the the plugin installation, fields, or database entries starting from this plugin may have been hacked? I’m currently thinking it’s got to be in the database for the homepage fields/field groups, since subpages with custom fields do not redirect.