This plugin infected my entire site. I cleaned the entire site, downloaded a new version of WP and backed up files.
I re-installed the plugin (paid version) and then ran my scan - this is the result:
This file may contain malicious executable code
File type: Not a core, theme or plugin file.
Issue first detected: 31 secs ago.
This file is a PHP executable file and contains a line 2045 characters long without spaces that may be encoded data along with functions that may be used to execute that code. If you know about this file you can choose to ignore it to exclude it from future scans.
I emailed support several times as I believe it would be a great plugin but to no avail.