A serious vulnerability in the Custom Contact Forms plugin has been announced. While popular, this plugin appears to be infrequently updated and the developers were not very responsive in fixing the plugin, so it may be advisable to move to an alternative if possible.
What to do: Upgrade the Custom Contact Forms plugin as soon as possible if you use the plugin on any of your WordPress sites. While it appears as though the developer has recently update the plugin, his past performance may be in question. Evaluate and make your own decision as to what to do.