That only indicates that your site is hacked. That doesn't mean that the plugin does not have a problem but just your site being hacked doesn't really make a case for that.
Can you point to the code here that is exploitable?
https://plugins.trac.wordpress.org/browser/jquery-smooth-scroll/#trunk