If you are a using WordPress Custom Contact Forms plugin, you need to update it immediately.
There was a critical vulnerability existed in WordPress Custom Contact Forms plugin that allows an attacker to download and modify your database remotely (no authentication required).
The plugin is downloaded more than 600,000+ and the vulnerability affects the every websites which are using plugin version 220.127.116.11 and lower.
How to fix?
There is an update available for WordPress Custom Contact Forms Plugin version 18.104.22.168. You should upgrade your plugin immediately to latest version.