Yes actually 2 issues, first I do not get notifications via the dashboard of updates so my current version is out of date I am on version 7.9.5. Second and most importantly I got this from my security scanner
LexiConn Support via lexiconn5.serverhost.net
8:38 AM (9 minutes ago)
The hackers uploaded the file using this web access:
184.108.40.206 – – [06/Feb/2018:16:20:09 -0500] “POST /wp-admin/admin-ajax.php?action=nm_personalizedproduct_upload_file HTTP/1.1” 200 584
Do you have a plugin that allows customer uploads for personalization? Maybe it’s vulnerable, or not updated?