The Builder Contact add-on contains a security loophole that allows hackers to send spam / phishing emails on behalf of websites that use it, according to a announcement the company's.
The issue was first reported by some forum members supportof the company and immediately after to the WordFence team.
According to the company's announcement, immediate measures have been taken to repair all security gaps and an update has been released.
If useste Builder Contact on the previous version 1.4.6, you should update to the latest version immediately.
If you have the old version of Builder Contact installed on your server but have not activated it, delete it or replace it with the latest version (do not leave the vulnerability on the server, even if you do not have it enabled).
If your subscription has expired and Builder Contact cannot be updated, please contact the company and they will give you the free new edition with a 3-month subscription extension.