It sounds like a direct SQL injection where the ID was forced. Get a fresh cup of coffee, take a deep breath and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
If you’re unable to clean your site(s) successfully, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are a couple.
Thanks for the tips, I’ve already gone through these as well.
Since the site is still under development, I am using an under construction function of my theme that actually does not allow access to the site without logging in to this under construction page via bypass password or over /wp-admin.
So there is not much attack surface if you want to try it via input fields. Regarding the Under Construction page, I have already contacted the support of the theme manufacturer.
I have now also enabled WordFence, which I wanted to do first for the release.
Furthermore I have read the access logs and found the following interesting lines:
185.59.157.57 22/Oct/2021:10:22:52 +0200 POST /wp-login.php HTTP/1.1 http://dev.sitename.com/wp-login.php?redirect_to=http%3A%2F%2Fdev.sitename.com%2Fwp-admin%2F&reauth=1
185.59.157.57 22/Oct/2021:10:31:20 +0200 POST /wp-login.php HTTP/1.1 http://dev.sitename.com/wp-login.php?redirect_to=http%3A%2F%2Fdev.sitename.com%2Fwp-admin%2F&reauth=1
185.59.157.57 22/Oct/2021:10:32:37 +0200 POST /wp-login.php HTTP/1.1 http://dev.sitename.com/wp-login.php
185.59.157.57 22/Oct/2021:10:32:44 +0200 POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/1.1 http://dev.sitename.com/wp-admin/
185.59.157.57 22/Oct/2021:10:32:44 +0200 POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/1.1 http://dev.sitename.com/wp-admin/
185.59.157.57 22/Oct/2021:10:32:44 +0200 POST /wp-admin/admin-ajax.php?_fs_blog_admin=true HTTP/1.1 http://dev.sitename.com/wp-admin/
185.59.157.57 22/Oct/2021:10:33:00 +0200 POST /wp-admin/admin-ajax.php HTTP/1.1 http://dev.sitename.com/wp-admin/post.php?post=105&action=edit
Could this be a problem related to admin-ajax?