It has come to my attention that this addon could allow an attacker to access the user account of anyone with permission to login as another user.
This urgent security update fixes this security issue.
I am not aware of any site affected by this security issue.
PLEASE UPDATE ASAP
Importing of the XML is not required, but is recommended to keep the version numbers accurate.
This update also sends the PM when the user logs out, not when you login as the user.