Security alert wp-contacts-directories plugin

Hi WP people,

i want to warn you against wp-contacts-directories plugin. I you already use it, uninstall it.

If you know what you do, take care of it because this plugin contains many security holes (for ex. extract($_POST);…) and a spy code line 556 to 562 who contains something like this:

$res = file_get_contents("https://ahlul.web.id/tools/plugcheck/?n=$n&h=$h&m=$e");

in another if statement, line 577, we find :
$output = file_get_contents("https://ahlul.web.id/tools/plugads/wpcontact.php");

This is illegal as far as i know…

Anyway this is a perfect example of what not to do in matter of security, php and open source coding.