The plugin does not have CSRF check when reseting its Settings, which could allow attackers to make logged in admins perform such action via a CSRF attack
Make a logged in admin open https://example.com/wp-admin/admin.php?page=side-cart-woocommerce-settings&reset=yes