The plugin does not sanitise or encode the Title of calendar entries when outputting them in the admin dashboard, leading to a Stored XSS issue. Because there is no CSRF check, this can be exploited through a CSRF attack that makes logged-in administrators create malicious entries.
The PoC will be displayed once the issue has been remediated.
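A mitigation sketch for the two flaws described above, added here as an example and not taken from the affected plugin's source. All `demo_cal_*` names, the `title` field, the option key and the `demo-cal` page slug are hypothetical; the WordPress functions called are core APIs.

```php
<?php
// Added example: hypothetical calendar plugin code, not the affected plugin's source.
// Every demo_cal_* name, the 'title' field and the option key are assumptions.

// Render the "add entry" form with a nonce tied to this action and the current user.
function demo_cal_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_cal_save_entry">
        <?php wp_nonce_field( 'demo_cal_save_entry', 'demo_cal_nonce' ); ?>
        <input type="text" name="title">
        <?php submit_button( 'Add entry' ); ?>
    </form>
    <?php
}

// Save handler: refuse requests without the capability or without a valid nonce.
add_action( 'admin_post_demo_cal_save_entry', 'demo_cal_save_entry' );
function demo_cal_save_entry() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // CSRF check: terminates the request if the nonce is missing or invalid.
    check_admin_referer( 'demo_cal_save_entry', 'demo_cal_nonce' );

    // Sanitise on input: strips tags and control characters from the title.
    $title = isset( $_POST['title'] )
        ? sanitize_text_field( wp_unslash( $_POST['title'] ) )
        : '';

    $entries   = get_option( 'demo_cal_entries', array() );
    $entries[] = array( 'title' => $title );
    update_option( 'demo_cal_entries', $entries );

    wp_safe_redirect( admin_url( 'admin.php?page=demo-cal' ) );
    exit;
}

// Dashboard listing: encode on output as well, so entries stored before the
// fix (or written by another code path) are still rendered as inert text.
function demo_cal_render_entries() {
    echo '<ul>';
    foreach ( get_option( 'demo_cal_entries', array() ) as $entry ) {
        echo '<li>' . esc_html( $entry['title'] ) . '</li>';
    }
    echo '</ul>';
}
```

The nonce check closes the CSRF path and `esc_html()` closes the stored XSS sink; each fix is needed independently, since output encoding alone still lets a forged request create entries.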