The plugin is affected by an authenticated stored cross-site scripting vulnerability which was found in the add donation feature.
1. Go to /wp-admin/edit.php?post_type=donation
2. Add new donation
3. In the first or last name forms, add the XSS payload
4. Save and the XSS payload will be executed