could this have anything to do with wordpress 4.2.2 release,https://wordpress.org/news/2015/05/wordpress-4-2-2/ that details, “a WordPress versions 4.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. WordPress 4.2.2 includes a comprehensive fix for this issue. Reported separately by Rice Adu and Tong Shi from Baidu[X-team]. The release also includes hardening for a potential cross-site scripting vulnerability when using the visual editor.”
