Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack
Make a contributor or higher user open a link where <<EVENT_ID>> is a valid event:
https://example.com/wp-admin/admin.php?page=mf_gig_calendar&id=<<EVENT_ID>>&action=delete