This plugin is prone to a cross site scripting vulnerability in index_popup.php parameter.
Update the plugin.
secunia.com/advisories/56447/