If there is no desire or opportunity to delve into the files and look for the embedded code, you can act globally.
Save only the necessary files and folders, for example wp-config.php, the uploads folder (usually media files are uploaded there). If there are any other files that are very important to you, then those too. But there should be a minimum of them in order to view their code and exclude the possibility of infection.
Download the WorPress distribution from the official site, preferably the version that you currently have installed, as well as all the plugins that you have installed.
Copy all saved files, folders and downloaded plugins to the downloaded distribution.
Then completely remove the site from the hosting and fill in the new one, which was collected from the downloaded distribution.
Do everything carefully, do not rush. At the time of removing the site from the hosting and uploading a new one, add a code to the beginning of the .htaccess file, in the root of the site, to exclude visitors from accessing the site during these operations:

Deny from All // запрещаем всем доступ к сайту
Allow from ваш IP // разрешаем доступ определенному IP адресу

After completing the work, remove the code added to .htaccess.
As for the hacked accounts, through phpMyAdmin you need to change the passwords to them and regain access to yourself.
It is also necessary to change all passwords for hosting, site accounts, etc.
Like something like this.