Versions before 2.1.4 suffered from an issue with insecure default settings, the issue affects Joomla 3.4 sites only, but users are advised by the developer to update anyway.

Resolution: Update to version 2.1.4

Update notice URL: https://www.spiralscripts.co.uk/News/security-release-master-user-plugin.html