I received an email regarding a hack on my site. I delved further, downloaded the entire lot and went through it.
I found that the plugins/cforms/js/cforms.js had been altered.
At the end of it, this was appended:
Question is of course - how did this happen? I have tried to secure it as much as I can, removed wp-atom, xmlrpc etc., secured directories, have few plugins, yet this still happens.