As the developer of this plugin, I can assure you it’s definitely not been written for the purpose of spamming.
It’s likely to be attacked due to its relatively high popularity. Spammers know that it is more likely to be on people’s servers, so they can target it with less guesswork. I’ve noticed a number of other plugins have been targeted similarly.
If you’re concerned about security of plugins, you can download them fresh and install them again. If you’re OK with changing server settings, I’d also recommend changing file permissions on plugin scripts to remove editing privileges. This can help prevent plugin files from being hacked. Can be fiddly when it comes to updating, but it does add extra security.