Ideally, you have a daily backup of your website (essential if your website is business-critical).
Ask your web developer or hosting provider to restore you a safe version from a recent backup, and then upgrade your plugins and WordPress version to the latest version.
If you don’t have a backup (I’ll deal with that one in a moment!), you can use the Sucuri service to do a hack cleanup and set up their website firewall to prevent further attacks. It’s a very cost-effective service, and will usually be the cheapest and best way to get your website cleaned up.
Then I suggest that you get your backups sorted as quickly as possible (read more on backups in the FAQ here).
A worthy note about hacked WordPress websites…
Typically when a website has been hacked, it will be targeted for 1-2 years afterwards, as your website details will be shared by the ‘hackers’ letting them know it’s a soft target. What this means is you often get a surge in more attacks once your website has been compromised.
When you use the Sucuri website firewall, it actually helps to block 95%+ of these attacks without any effort from you or your developer. Usually, after 1-2 years, the attacks subside.