@frasermarlow: you are not locating the source of the exploit; you are finding the results of the exploit.
Don't post hacking code, exploits or hacked files in these forums. Don't ask other users to check their sites; that's completely meaningless, as no one has exactly the same theme, host and plugin environment.
Until you complete hardening of WordPress, investigate the theme you are using, and talk to GoDaddy, you're simply going in circles, re: your earlier post https://wordpress.org/support/topic/site-hack-or-exploit-links-to-italian-pdfs-on-wp-sites?replies=10
If you have security concerns, read about reporting them: https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/