After a bit more time investigating this issue, we were able to confirm that the attack vector is the RevSlider plugin.
All our clients who have a WordPress site management contract with us have already been updated to the latest version.
All other clients are asked to update their Revolution Slider plugin to version 4.2 or greater, which resolves the issue, as soon possible. Not doing so will risk your site being hacked.
Monday, December 15, 2014