Change your FTP and WordPress Login passwords immediately. Typically code injection is done after the fact. ie the hacker cracks your FTP password and then uses that cracked FTP password to inject code into your website files. Another common attack method is the hacker has either hacked another website on the same Server that you are on or has purchased a hosting account on the same Server to cross infect other websites on that Server. Or the worst case scenario, the Host Server itself has been hacked and all websites under the Server will be attacked simultaneously.
Notify your Host support folks let them know that you have a security plugin installed that stopped the site from being hacked, but you want to alert them just in case of the things I mentioned above. Give them as much details as you can to help them isolate the source of the attack.
The time when files were autorestored/quarantined/the attempted code injection hack occurred. Copies of the hacker’s code if you saved any of the hacker’s code in quarantined files.