Thanks for getting back to me @elliot.
We had some genuine text that was output in the usual way, this had been replaced on several pages by spurious text, arabic etc etc. Just general stuff you tend to get in spam comments.
We have several other fields on the page with the front end forms that weren’t touched, it only seemed to be the text and textarea inputs.
Out of 140 custom posts, there was at least a quarter of them hacked with very similar text.
We have the WP Security plugin so everything apart from this is very secure. We’re very certain they’re getting in via the front end form text/textarea fields somehow.
