Description

The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
1. Go to https://example.com/wp-admin/options-general.php?page=easyevent
2. In the ID field, enter the below payload: ` `
3. Save and see the XSS
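
The fix pattern for this class of bug, as an added example that is not the plugin's own code: sanitise the setting when it is saved and escape it when it is printed, without relying on the unfiltered_html capability. The option name `easyevent_id`, the settings group `easyevent`, the `easyevent_*` function names and the assumed ID format are hypothetical.

```php
<?php
// Added example: hypothetical plugin code, not the affected plugin's source.
// 'easyevent_id', the 'easyevent' group and the easyevent_* names are assumed.

// Weak pattern matching the advisory: the value is stored as submitted and
// printed into the page without escaping.
//   register_setting( 'easyevent', 'easyevent_id' );
//   echo '<input name="easyevent_id" value="' . get_option( 'easyevent_id' ) . '">';

// Hardened, step 1: sanitise on save, for every user. Do not skip this for
// users who hold unfiltered_html; the setting is not meant to carry markup.
add_action( 'admin_init', 'easyevent_register_settings' );
function easyevent_register_settings() {
    register_setting( 'easyevent', 'easyevent_id', array(
        'type'              => 'string',
        'sanitize_callback' => 'easyevent_sanitize_id',
        'default'           => '',
    ) );
}

// Allow-list validation. Assumption: an ID is 1-64 characters drawn from
// letters, digits, '-' and '_'. Anything else is stored as an empty string.
function easyevent_sanitize_id( $value ) {
    if ( ! is_scalar( $value ) ) {
        return '';
    }
    $value = sanitize_text_field( (string) $value );
    return preg_match( '/^[A-Za-z0-9_-]{1,64}$/', $value ) ? $value : '';
}

// Hardened, step 2: escape on output for the context the value lands in.
// This also covers values saved before the sanitiser was added.
function easyevent_render_id_field() {
    printf(
        '<input type="text" name="easyevent_id" value="%s" class="regular-text">',
        esc_attr( get_option( 'easyevent_id', '' ) )
    );
}

// If the ID is also emitted inside a <script> block, encode it as a JSON
// string with the HTML-significant characters hex-escaped.
function easyevent_id_for_script() {
    return wp_json_encode(
        (string) get_option( 'easyevent_id', '' ),
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}
```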