The plugin does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors.
As a contributor, add the following shortcode in a page, replacing ID with the ID of a draft/private/password protected/trashed post/page to access, then preview the post to display the content [post-content-sc id=“ID”] [page-content-sc id=“ID”]