The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens.
https://wpscan.com/vulnerability/8c83dd57-9291-4dfc-846d-5ad47534e2ad