## https://sploitus.com/exploit?id=WPEX-ID:576CC93D-1499-452B-97DD-80F69002E2A0 * Go to Setting Tab Under Calendar Lite Plugin * Under Setting tab Click on Slugs/Permalinks tab * Enter the XSS payload into Main Slug and Category Slug both. Both fields are vulnerable. XSS payload used : "><script>alert(1)</script> * Click On Save Changes. then visit to Setting tab again or reload it. XSS will popup.