With the amount of WordPress sites living on our network we felt that everyone should be aware of a Captcha plugin by BestWebSoft that is called Captcha Pro. The developer sold the plugin to an undisclosed buyer who then placed a backdoor in the code base which then is placed in a wordpress site using this plugin when the plugin is updated.
https://thehackernews.com/2017/12/wordpress-security-plugin.html
If you or any of your clients are using this plugin in a wordpress site it needs to be removed immediately.