Around 200,000 WordPress websites were spammed by some anti-social authors, who uploaded content that was not suitable for the sites. This was possible because of a WordPress plugin that gave them backdoor access to publish whatever they wanted.
WordPress.org has already deleted this plugin from its repository after finding it spammy. The plugin was coded in such a way that no logged-in user could see the uploaded spam content. This was mainly to divert the attention of site administrators.
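Because the spam was hidden from logged-in users, an administrator checking the site from a logged-in browser would not see it. The following check is an added example, not code from the plugin or from the linked article: it compares the HTML of the same page as served to an anonymous visitor and to a logged-in user, and reports external links that appear only in the anonymous view. The sample pages and host names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML document."""

    def __init__(self):
        super().__init__()
        self.links = set()

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.add(href.strip())


def external_links(html, site_host):
    """Return links in `html` that point to a host other than `site_host`."""
    parser = LinkCollector()
    parser.feed(html)
    found = set()
    for link in parser.links:
        host = urlparse(link).hostname  # None for relative links such as /about
        if host and host.lower() != site_host.lower():
            found.add(link)
    return found


def cloaked_links(anonymous_html, logged_in_html, site_host):
    """External links served to anonymous visitors but hidden from logged-in users."""
    return sorted(external_links(anonymous_html, site_host)
                  - external_links(logged_in_html, site_host))


# Constructed sample pages: the same post as seen by a logged-in admin
# and by an anonymous visitor (hosts are placeholders).
LOGGED_IN_VIEW = '<p>Hello <a href="/about">about</a> <a href="https://wordpress.org/">WP</a></p>'
ANONYMOUS_VIEW = LOGGED_IN_VIEW + '<div><a href="https://spam.example/loans">cheap loans</a></div>'

if __name__ == "__main__":
    for link in cloaked_links(ANONYMOUS_VIEW, LOGGED_IN_VIEW, "blog.example"):
        print("only visible when logged out:", link)
```

In practice the two HTML inputs would come from fetching the same URL once without cookies and once with an authenticated session.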
Read more news here: https://www.tripwire.com/state-of-security/featured/poisoned-wordpress-plugin/