Looking into this.
I don't think it's a hack or modified files as Wordfence would have caught it.
Contacted the host regarding the .com cert error as well.
I'll let you know what I find.
[EDIT]
Appears to actually be something that was embedded in each SQL post. I ran a query to get rid of the offending data.
I have disabled one old plugin as well as updated everything else.
I will continue to dig a bit over the weekend.
Awaiting the host to respond about the .com Cert error.
Sorry for the trouble guys, and thanks for the heads up.