I recently upgraded my WordPress blog to the latest version. I also added some new plugins, which included the "Email Notification" plugin by Brian Groce. Shortly afterward, I started receiving bounces from emails that were being sent out through my server, but not through me.
I contacted Brian and heard back once from him. I noticed that data was being logged in the MySQL database from outside for this plugin. He verified that he knew that was happening, but that was all he knew about.
I have since tried getting in touch with him again, but haven't heard back. As a precaution, I disabled the plugin; however, I didn't delete the plugin at the time. I also disabled the phpMyAdmin plugin (just in case).
Today, through my logs, I verified the email was being sent out through my server again. The logs showed that the perpetrator was using /maillist/index.php to send out the emails.
If anyone wishes to discuss this with me, I would be glad to entertain any emails sent to firstname.lastname@example.org