A friend mentioned her site had Base64 malware identified on her site after installing this plugin.
I thought this was really strange knowing the popularity and integrity of both this plugin/developer and WordPress repository so I downloaded the plugin files to have a look... I inspected the files in the css directory and found what appears to be suspicious code the default-rtl.css, default-rtl.min.css, default.css and the default.min.css files.
I am not a coder so please take this and check for yourself. I just thought it would be a good idea to let you know about it.
My friend went to delete the plugin and it deleted her entire site. After restoring the site, her site did test clean.