Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack
Make a contributor or higher user open a link where <> is a valid event: https://example.com/wp-admin/admin.php?page=mf_gig_calendar&id;=<>&action;=delete