The Encrypted Contact Form WordPress plugin was affected by a CSRF & XSS security vulnerability.
packetstormsecurity.com/files/131955/
packetstormsecurity.com/files/132209/
seclists.org/fulldisclosure/2015/May/63
vulners.com/exploitdb/EDB-ID:37264