Dk4Trin

**Name of the Vulnerable Software and Affected Versions** EventON WordPress plugin versions prior to 2.2.17 **Description** The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks by injecting malicious scripts, even when unfiltered html is disallowed. This is due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For versions prior to 2.2.17, upgrade the affected plugin immediately to protect your site. As a temporary workaround, consider restricting access to the plugin's settings handler to minimize the risk of exploitation.