The plugin does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue
As admin, put the following payload in the βCheckbox reminderβ setting of the plugin: ">