* Go to Setting Tab Under Calendar Lite Plugin
* Under Setting tab Click on Slugs/Permalinks tab
* Enter the XSS payload into Main Slug and Category Slug both. Both fields are vulnerable.
XSS payload used : "><script>alert(1)</script>
* Click On Save Changes. then visit to Setting tab again or reload it. XSS will popup.