Hi,
I compared the flot folder of WordPress Contact Forms plugin with Flot 0.7.0 I just downloaded from https://codeload.github.com/flot/flot/tar.gz/v0.7.0 , and the only differences are in the examples folder (i removed it from the copy included in Contact Forms) and minifized versions of the scripts (not included in the GitHub repository).
The file jquery.flot.js and the other files are identical to the ones in this repository. Maybe some malware includes the same version of the Flot library or it's just a false positive. I'll report this to GOTMLS.net