Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
1. Got to https://example.com/wp-admin/options-general.php?page=easyevent
2. In the ID field enter the below payload: `<h1 onmouseover=alert(1)>hello</h1>`
3. Save and see the XSS