The plugin does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and group via a CSRF attack.
https://example.com/wp-admin/admin.php?page=us_links&action=bulk_delete&link_ids[]=1
https://example.com/wp-admin/admin.php?page=us_groups&action=bulk_delete&group_ids[]=1