There have been a couple of solutions to the problem if you look at the forum list...
Here's what I did, which is slightly different than those solutions, but keeps the author's intended user check in place:
In the file leaguemanager.php, change the following lines (it's the last line of the file):
//Security, check if current user is allowed to manage leagues
if ( !current_user_can( 'manage_leagues' ) ) :
echo '<p style="text-align: center;">'.__("You do not have sufficient permissions to access this page.").'</p>';
Change those lines and you'll update the version to 3.8.1 and get rid of the update notice, you'll fix the exploit per a security firm's suggestion and you'll keep the check that was placed on the lmloader to ensure the user is allowed to manage leagues.