WordPress Directory team investigated and mitigated this issue by disconnecting the wooranker account from all plugins, reverting malicious changes in the CCTM plugin, and changing the version to 0.9.8.9. WordPress should automatically update to this new clean version. If your site was compromised during the timeframe while the backdoored version (0.8) was installed, updating to 09.9 is not enough to clean the site Please check the Mitigation section at the end of this blogpost.”]
Source: https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.html