These are pretty popular plugins in the SEO world… I imagine lots more of these “supply chain attacks” exist due to older but still popular plugins being sold or leased:
If you have any of these plugins running on your site, we recommend that you remove them immediately and that you make sure that SEO spam hasn’t been injected into your site. Even though one of them, WP No External Links, has been updated to remove the backdoor, it has been closed, so it will never be updated again in the future.