We have seen few hacked WordPress due to a critical zero-day vulnerability in 2 major plugins.
Yuzo Related Posts and Visual CSS Style Editor have been identified as the root cause the details have been shared in the links below:
For Yuzo Related Posts please visit the following link
For Visual CSS Style Editor please visit the following link
A fix has not been deployed by the developers of the plugins yet, so the recommendation is to remove the plugin from the site completely until a patch has been deployed from developers.