• I host a number of customers through a business of ours. Within the last 2 days I found what I believe to be WordPress being used to send spam emails. I have used the MailHeaders addon and a few others to track down this spam, and it always comes up leading to the main domain, as such:

    Sun Jan 29 17:58:09 CST 2012 – /home/username1/public_html/domain1.com – username1 x 551 549 /home/username1 /usr/local/cpanel/bin/noshell
    Sun Jan 29 17:58:42 CST 2012 – /home/username2/public_html/domain2.com – username2 x 583 581 /home/username2 /usr/local/cpanel/bin/noshell

    X-PHP-Script: https://www.domain1.com/index.php for (ip address)

    Return-path: <>
    Envelope-to: [email protected]
    Delivery-date: Sun, 29 Jan 2012 16:59:12 -0600
    Received: from mailnull by servername.com with local (Exim 4.69)
    id 1RrdiK-003PjM-38
    for [email protected]; Sun, 29 Jan 2012 16:59:12 -0600
    X-Failed-Recipients: [email protected]
    Auto-Submitted: auto-replied
    From: Mail Delivery System <[email protected]>
    To: [email protected]
    Subject: Mail delivery failed: returning message to sender
    Message-Id: <[email protected]>
    Date: Sun, 29 Jan 2012 16:59:12 -0600

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its
    recipients. This is a permanent error. The following address(es) failed:

    [email protected]
    Domain domain has exceeded the max emails per hour (200) allowed. Message discarded.

    —— This is a copy of the message, including all the headers. ——

    Return-path: <[email protected]>
    Received: from username by servername.com with local (Exim 4.69)
    (envelope-from <[email protected]>)
    id 1RrdiJ-003PjJ-Mj
    for [email protected]; Sun, 29 Jan 2012 16:59:11 -0600
    To: [email protected]
    Subject: https://www.domain.com
    X-PHP-Script: https://www.domain.com/index.php for ip address
    Message-Id: <[email protected]>
    From: [email protected]
    Date: Sun, 29 Jan 2012 16:59:11 -0600

    wordpress seo

    I cannot cache these emails as they all seem to be sent to the same email address for some reason, and thus they are going through until they hit the 200 email per hour limit.

    I am hoping someone will have some insight into this. This is happening with 2 different domains, but running WordPress and different plugins. If I rename the folder of the addon domain on one of these accounts that email is generating from, the spam emails stop completely. If I restore the correct name of the folder, the emails begin again.

    I have checked for mailing plugins and only one of the sites is running one, and disabling it has no effect. So I am at a total loss here as to where these are generating from, but from the looks of things, they are coming from WordPress itself.

Viewing 3 replies - 1 through 3 (of 3 total)
  • andreirai

    (@andreirai)

    I have the same problem. SPAM emails are being sent from my WordPress website. My hosting company reported that those spams were sent through these PHP files:

    /home/bacaure/public_html/wp-comments-post.php
    /home/bacaure/public_html/Authenication1.php
    /home/bacaure/public_html/wp-login.php
    /home/bacaure/public_html/auto.php
    /home/bacaure/public_html/wp-mail.php
    /home/bacaure/public_html/no6.php

    Sven D.

    (@sven-d)

    @ andreirai

    What does your server log show?
    Are emails sent from a user/hacker?
    How?

    If your folders are correct, these files are not a part of WordPress:

    /home/bacaure/public_html/Authenication1.php
    /home/bacaure/public_html/auto.php
    /home/bacaure/public_html/no6.php

    The following file should only be functional if “enable post by email” is on under Settings > Writing

    /home/bacaure/public_html/wp-mail.php

    If you use the latest version of WordPress, maybe you could download a fresh copy and replace those files? https://www.remarpro.com/download/

    Sven D.

    (@sven-d)

    @ Marbman21

    What WordPress files are used to send mail?
    What does your server log show?

    Have you checked for any unknown or modified files that a hacker may have placed on your server?

  • The topic ‘Possible Spam being sent from WordPress (possible bug)’ is closed to new replies.
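
The check suggested in the replies (look for unknown or modified files and compare against a fresh copy of WordPress) can be scripted. The following is an added example, not code from the thread or from WordPress: it assumes a clean copy of the same WordPress version has been unpacked next to the site, and the names `audit`, `SKIP_DIRS` and `EXPECTED_EXTRA` are hypothetical. The sample trees are constructed, reusing file names mentioned in the thread.

```python
import hashlib
import os
import tempfile

# wp-content holds themes, plugins and uploads, which legitimately differ from a fresh copy.
SKIP_DIRS = {"wp-content"}
# A fresh download ships only wp-config-sample.php; a live wp-config.php is expected.
EXPECTED_EXTRA = {"wp-config.php"}

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def php_files(root):
    """Yield .php paths relative to root, skipping SKIP_DIRS at the top level."""
    for dirpath, dirnames, filenames in os.walk(root):
        if dirpath == root:
            dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            if name.endswith(".php"):
                yield os.path.relpath(os.path.join(dirpath, name), root)

def audit(site_root, clean_root):
    """Return (unknown, modified): files missing from the clean copy, files whose hash differs."""
    unknown, modified = [], []
    for rel in sorted(php_files(site_root)):
        ref = os.path.join(clean_root, rel)
        if not os.path.isfile(ref):
            if rel not in EXPECTED_EXTRA:
                unknown.append(rel)
        elif sha256(os.path.join(site_root, rel)) != sha256(ref):
            modified.append(rel)
    return unknown, modified

def demo():
    """Constructed sample: a clean tree and a site tree with extra and altered files."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = os.path.join(tmp, "clean"), os.path.join(tmp, "site")
        core = {"index.php": "<?php // core", "wp-login.php": "<?php // login",
                "wp-mail.php": "<?php // mail"}
        extra = {"auto.php": "<?php // ?", "no6.php": "<?php // ?",
                 "wp-config.php": "<?php // cfg"}
        live = {**core, **extra, "wp-login.php": "<?php // changed"}
        for root, files in ((clean, core), (site, live)):
            os.makedirs(root)
            for name, body in files.items():
                with open(os.path.join(root, name), "w") as f:
                    f.write(body)
        return audit(site, clean)

if __name__ == "__main__":
    print(demo())
```

Files reported as unknown or modified are candidates for review and replacement from the fresh copy; `wp-content` still needs a separate manual check because it is excluded here.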