Yesterday plugin updated to ver 2.0.0. It seems that authors made strong code reengeneering. Now it calls wp-admin/admin-ajax.php.
I have locked wp-admin with .htpasswd on my site so after update nobody could open it because plugin called wp-admin/admin-ajax.php and it required authorization.
Settings do not help to solve this problem and even disabling the plugin. I had to uninstall it but made a couple of attempts after the autor reply on my case: https://wordpress.org/support/topic/security-issue-plugin-acess-to-admin-ajaxphp?replies=5
Unfortunatelly after 2 or 3 install and uninstall operations and attempts to change settings, the call to admin-ajax.php moved to the header of all pages and even total removal of plugin folder can't cut it of there.
I had no time to look for solution and recoverd site from backup. This plugin was hard to configure and had bugs and before, but that's enough for me. Going to find some alternates for share buttons and pannel.
Do not update to ver 2.0.0 if you locked wp-admin with password!