I have an issue with one of my websites running on the latest version of WordPress.

When I’m in the back end and try to click a link to navigate to WooCommerce Orders, Pages, or settings for any of my plugins, I’m redirect to a random spam site.

The site loads at first but then is redirected to a page asking to accept cookies. This issue was happening on the home page until I disabled XML-RPC. Now it just seems to be affecting the back end when I try to go to the plugins, pages or any other section on the dashboard.

I’m sure there must have been some malicious code injected somewhere but I am tearing out my hair trying to find it. Has anyone experienced anything similar and could offer advice please?