You always need to keep up with the cyber security of your WordPress website and any plug-ins you use. Here is another that needs checking:
Massive Balada Injector campaign attacking WordPress sites since 2017 (bleepingcomputer.com)
Now the question you need to ask yourself is who looks after my website, assuming you know that it is hosted on the WordPress platform, because you need to check they are keeping things secure.
Have a read of this article to see what I am talking about:
How much are you relying on your web designer to protect your reputation? – CyberAwake
Clive Catton MSc (Cyber Security) – by-line and other articles