Searches for nonsense strings wasn’t the major problem but it did happen. One of the biggest problems was related to search engines though – the old theme did not have a canonical URL feature which redirected search engines to the proper URL and it didn’t verify that comment page 49,999 etc didn’t exist. That meant it was simple for an individual to submit a fake link elsewhere to say comment page 49,999 which google etc would visit and incorrectly get a link to page 49,998 and so on. Or it could re-index the site with URLs with random params embedded which didn’t get redirected to the canon URL.
The result was that the site was being continually indexed by google, bing and umpteen other random crawlers etc., etc. for millions of pages of content which didn’t actually exist as real different pages. All by someone simply placing a few doctored links anywhere on the web for google to find and then the search engines will do the rest.
A canonical link element is an HTML element that helps webmasters prevent duplicate content issues by specifying the “canonical” or “preferred” version of a web page as part of search engine optimization. It is described in RFC 6596, which went live in April 2012.
Other WordPress sites running older themes were also attacked in this manner and all current themes don’t have the problem. Half fixes were added for the problems in the old theme with a combination of code patches and SEO plugin but, as you know, it was becoming increasingly difficult to keep the old theme going and its parent theme had been abandoned years ago.
That showmore one you mention was weird because it was a local site addition which was why it was so strange that random bots would target it by using it on large comment count threads and by firing SQL injection attacks at it. There was no SQL injection vulnerability in the code but that didn’t stop the bots continually trying variations!
Nothing sensitive above as none of the issues are present in the current theme.