On February 15, 2021, the team contacted Themeum, the plugin’s publisher, and received a response that evening. The next day, on February 16, 2021, they made full disclosure.
On March 17, 2021, a patched version of the plugin was released. Themeum published a blog post about the security problems fixed in the update the same day, in a commendable show of accountability.
If you know someone who uses this plugin, please share this update with them and ask them to update to the most recent version available, as this vulnerability has been known since the plugin was updated.