Hacker able to install plugin and change content in the server rootkitninja ojs 3.4.0.5

Describe the issue or problem
hacker able to install plugin and change content in the server rootkitninja ojs 3.4.0.5

how to trace when the hacker install the plugin and can we trace which account install it?
it install in import export plugin directory
seems alot of ojs installation is affected by this mostly from indonesia.

google search result

file location is outside public_html
Steps I took leading up to the issue

What application are you using?
ojs 3.4.0.5

Additional information
.

already have fix by OJS team… need to upgrade to latest version. more read here…

by openjournaltheme

tq for the support