I found out that my wordpress had been infected with a trojan that was inserting script into both the RSS, webpages and the backend as well. I think one of the admins has had her computer pwned in a nasty way.
It was relatively easy but tedious to remove. I noticed that certain prevalent files were modified at the same time, such as:
as well as index.php, index.html (if you have one), and other sites in the main directory. The code looked something like
I reinstalled WordPress under the updates menu and I think it's all clean now.
Unfortunately, the site was blacklisted by google, so I'm in the process of having it reviewed. If that happens to you, you have to register your site under a google account and apply for it using Google Webmaster Tools/Diagnostics/Malware.