If you are a using WordPress Custom Contact Forms plugin, you need to update it immediately.
There was a critical vulnerability existed in WordPress Custom Contact Forms plugin that allows an attacker to download and modify your database remotely (no authentication required).
The plugin is downloaded more than 600,000+ and the vulnerability affects the every websites which are using plugin version 22.214.171.124 and lower.
How to fix?
There is an update available for WordPress Custom Contact Forms Plugin version 126.96.36.199. You should upgrade your plugin immediately to latest version.