Did you use some plugins like Yellow Pencil Editor? I think your website was attacked because “10 April evening was a hack attack to some WordPress plugins, including YellowPencil plugin. This hack attack was just to the database, No files infected. Only the “siteurl” and “home” rows in wp_option table changed to another URL”
Some info here: https://yellowpencil.waspthemes.com/docs/important-security-update/
