This plugin is prone to a local file inclusion vulnerability. It allows attackers to execute code on the target web server or on a site visitor’s browser. Then they can steal data or perform a denial of service attacks.
Update the plugin.
Found a vulnerability that puts your sites at risk?