Yes, it looks like somebody hacked your site. Exactly where your site was hacked is unknown. Could it be the plugin that was hacked or another file? Do you host any other websites on your hosting account? One or more of those could have been hacked. Those hackers don't like to go away easily. They can and often do stash backdoors all over your hosting account so if you find one, they will have another point of entry.
That's your only option. If you aren't willing to go through the time and effort of deleting everything and installing everything fresh and clean, you can take a look at file modification times and see if you can find any that are out of the ordinary. If all of your file modification times in a folder are on the same date and one is much newer, that could be a clue that file has been compromised. But, hackers can change the file modification time to anything they want so this is not a fool-proof way of tracking down the problem.
I've been hacked, too. More than once. It sucks, I know. The only way to be sure you got rid of the exploit is to delete everything and install fresh. Be sure to change all of your passwords including your cPanel or other control panel password, your billing password, and your database passwords which are easily readable in the config files.