CCF version 126.96.36.199
I emailed you about this a couple of weeks ago using the address listed on your website but haven't heard anything back.
I'm loathe to provide too many details here, but suffice it to say there appears to be a way of using any website with your CCF plugin installed to send email to arbitrary addresses.
How do you want to proceed? Full disclosure or careful analysis?
[ Please do not bump, that's not permitted here. ]