The plugin has a security issue that can be exploited in versions 2.6.3 and below. This can happen when untrusted information is processed in the import function through the ‘shortcode’ parameter. This can give attackers with administrator-level access the ability to inject a PHP Object. If there are other plugins or themes installed on the system, the attacker could potentially remove important files, access confidential information, or run their own code.