Hi @raytan12, thanks for getting in touch!
I have noticed a few cases of admin users being flagged recently but no similarity between the usernames chosen to suggest the same plugin or compromize. There are attack vectors outside of WordPress that we don’t control like database passwords, cPanel access and FTP credentials so if you believe anything may have been compromized, update your passwords for your hosting control panel, FTP, WordPress admin users, and database.
The “Scan for suspicious admin users created outside of WordPress” feature is intended to find admins created either outside of the WordPress admin UI, or outside of the way plugins typically create them by using WordPress’ own built-in functions. If the user was created by a user management plugin that uses another method to insert the records into the database, then it could report each new admin user in this way.
If there is no reason for you to believe one of your other plugins may be involved, deletion is your best option. If you also take steps to update passwords but see a repeat of this in the near future, it may need some further investigation or a site cleaning.
Thanks,
Peter.
Thanks for the clarifications, Peter.