M3Hd22

**Name of the Vulnerable Software and Affected Versions** EasyEvent WordPress plugin versions 1.0.0 and earlier **Description** The issue allows high privilege users, such as admins, to perform Cross-Site Scripting attacks, even when unfiltered html is disallowed, due to the plugin not sanitizing and escaping some of its settings. **Recommendations** For EasyEvent WordPress plugin versions 1.0.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.