If you are using the popular Jetpack plugin in your WordPress installation, you need to check the version and update it to the latest as soon as possible.
A vulnerability has been identified in Jetpack versions 3.7 and below in cases where it is using the contact form module present in the plugin (it is activated by default so you might not be aware it is enabled). The vulnerability allows hackers to inject malicious code into your website.
A security patch (Jetpack 3.7.1 and 3.7.2) was released on September 28th, 2015 to fix the problem.
It is recommended that you update your Jetpack plugin as soon as possible.
Be safe, not sorry.