Installed plugin by browsing plugins on wordpress through my sites’s dashboard > plugins > add new. (and not by uploading zip file)

Copying the email I got from my web hosting provider:

Dear Customer,

As provider of Shared Hosting services, we monitor the usage of all our customers to ensure that our Quality of Service is not adversely affected. Our goal is to ensure that one customer should not affect all the other customers on the same server.

As part of our routine monitoring, we have observed that some of the files hosted on this server belonging to [my site] hosted under your account, has some malicious files hosted. In order to prevent blacklisting of our service with various service providers, we have blocked outbound port 80, 443, 587 and 465 for this domain name as a precautionary measure. Here are the details of the files that were detected to be malicious.

/home/[username]/public_html/wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php

Note: We have moved the file(s) to a separate folder named “quarantine” outside the public_html folder. The directory structure/original path has been maintained, so that once you have cleaned the file, you can move it back to its original location.

We strongly suggest you to scan all the above listed files for any vulnerabilities. If the files are part of some plugins of your CMS, then we suggest you to update the plugin to the latest version or contact the plugin developer directly.