The user can always sue Plausible for lying about their product to get their damages back. In the end, the user of these services is responsible for maintaining the privacy of their customers/visitors.
I'm not a lawyer but Company using Plausible gets fined, but then they can sue Plausible. most likely.
But GDPR enforcement is more like 'you need to fix this, if you don't you get the fine' - if you are actually helpful and do your duty to improve the process the fine is usually reduced.
Since Plausible is selling a product that clearly claims this, who is on the hook in case a user of Plausible gets a fine?