WordPress repeated Javascript injection – Only sites hosted by tsoHost affected

Hi to all,

Recently I found out that several sites are affected by the same hack ( post_content column injected with malicious Javascript ).

Here’s an example: https://publicwww.com/websites/ellcurvth.com%2Fafu.php%3Fzoneid%3D2826294/

Two sites I manage are affected by this injection, however I’m not sure if it’s the CMS’s fault or it’s a hosting-related security issue.

A web agency mentioned the same hack on WordPress forums, and they are using the same hosting company – gridhost ( tsoHost ).

My customer contacted tsoHost already, and they reject the possibility of having issues with security. I contacted them myself and I’m waiting for a reply.

What can be done at this point, any suggestions?