And here from our web designer is the answer to the erroneous posing. Many thanks for your help Christian.
This was published by Trish’s user account from the dashboard. This suggests a manual post using a phished or guessed password. I have changed Trish’s password, disabled ability to publish temporarily and removed the post.
More sophisticated hacks will usually access directly via the database or some other vulnerability so I don;t think there has been a breach any more serious than this.