SPAM after activating WordPress plugin on Linux VPS

After activating a plugin I received an email that I had never recived before. What kind of miscellaneous code it might be? it's a coincidence? I received an email to my account Gmail that I never used on my VPS (not sure) and I am sure that I never used it on the website where I activated a plugin. But I activated the plugin exactly at 1:03 and I received SPAM (with pdf and link inside pdf) exactly at 1:03. I blocked using the root user years ago. I am using admin user of VestaCP.

My question is how can I scan WordPress plugin for malware or miscellaneous code or malware? I tried uploading zip with the plugin on virustotal but nothing was found. I need some help before I reinstall my VPS and all my websites.
Thank you

There are many WordPress plugins that offer malware scanning as part of their functionality, for example Wordfence.

I'd recommend trying to reproduce the issue with a unique email address in order to gain more certainty. Set up a fresh WordPress site, activate the plugin, and this time use the + suffix trick to create a unique email address like [email protected] where your normal address is [email protected]. If you get a spam email to that unique email address, then you can be reasonably certain that the spam is correlated to entering the address into the plugin form.