Successful password resets and suspicious scripts on my WordPress instance

This is a bug in the POST SMTP plugin. It has been reported here, and also the plugin support forum is full of reports of the same issue.

The issue has been fixed in version 2.8.8 of POST SMTP.

tech