I’d guess that there is some rogue code on your site. (Assumption, since I don’t know your site URL.)
You’ll need to check everything: update (from known good source) everything (WP, themes, plugins), then look at each folder for a file that doesn’t have the current date (since you just updated everything).
Change the credentials on everything: WP admin users, hosting, FTP, etc.
Remove any plugins/themes that you are not using.
Look at the generated page code and see if you find anything that doesn’t belong after you have fixed/updated every.
I’ve developed a process to clean up a hacked site – see here: https://securitydawg.com/recovering-from-a-hacked-wordpress-site/