Thank you for contacting us, I'm sorry about that.
I don't know why, but the hacker can hack the site via the plugin or WordPress core. I have enabled the Captcha and require email confirmation config, it also helps you avoid the spam email.
You can follow the article to protect your site https://www.collectiveray.com/wordpress/wordpress-tutorials/the-essential-checklist-to-prevent-your-wordpress-website-from-getting-hacked.html
Please check it to make your site more secure.
You must be logged in and have valid license to reply to this topic.