The plugin was affected by a Cross-Site Request Forgery issue, which may allow attackers to change some of the settings. It also appears that some Authenticated Cross-Site Scripting issues have been fixed, which could be used along with the CSRF to perform Stored XSS attacks.