wordpress

Hi, today I got a notification about a HIGH severity vulnerability on one of my websites, affecting JetEngine <=3.7.2. The version actually installed is 3.8.2. Refer to the screenshot attached. Is this a bug or a feature? ;-)

As the title says, one of my sites (belonging to a client) was hacked. Backup is restored, WP accounts, FTP accounts and the database account now have new passwords. I found some suspicious files on the site as well (I still have them if someone wants to look ) which are now removed. I have...