The plugin contains an Auth Bypass vulnerability due to a missing capability check in the ldapConfig action, which makes it possible for unauthenticated attackers to update the LDAP server config, witch can be used to bypass authentication in the website.