It seems an older version of wordpress got hacked from what I saw as a trend on a bunch of my sites. It got into my main webhosting account and then hit any wordpress files it could find. In the pic above is just one folders worth of files I had to manually edit the injected code out of each site it hit. I have changed passwords all over and cleaned all the code out of all the filed. Date modified on files and folders made it easy to find the corrupted files.
I have way too many websites out there on my account. 1/2 are not even active anymore. And lots are just dumb ones I set up as a joke and then never updated. I have a lot of house cleaning still to go, but at least I have cleared all that evil code out. I am really glad I do not have any sites that take credit cards. I highly doubt that any info was stolen. My guess is that like others I found on the googles, it got compromized by spammers and their code did not even work, but replicated to all my sites. Grrrr. Big lesson learned.