Just a heads up, and maybe something for the Wordfence sleuths to consider investigating – i have found two plugins attempting to (and succeeding!) inject malware into my wordpress installation, namely Yeost-No_Adds, and Admin Post Spider.
Yes, one or both of these plugins corrupted my database, and i have to start from scratch, after struggling for more than a day to fix it, even with the help of my hosting service provider – there is nothing that can be done, because they block my administrator access completely, and wipe my wp_config file…
Hopefully this post could help others to avoid the same problems i had experienced…