There are multiple vulnerabilities in this plugin, such as arbitrary command execution, clear text MySQL password exposure through html text box under configuration panel, MySQL password exposed to process table, database backups exposed to local users due to open file permissions, authenticated remote file access and unauthenticated remote access to backup files via easily guessable file names.
Update the plugin.