Security vulnerabilities can be reported privately through emailing [email protected].
Please provide all relevant information, including steps to reproduce the issue (if applicable), and whether you would like to be mentioned in the changelog and release notes. A fix will be prepared as soon as possible for the latest release of the plugin, and distributed through GitHub and WordPress.org