## https://sploitus.com/exploit?id=WPEX-ID:576CC93D-1499-452B-97DD-80F69002E2A0
* Go to Setting Tab Under Calendar Lite Plugin
* Under Setting tab Click on Slugs/Permalinks tab
* Enter the XSS payload into Main Slug and Category Slug both. Both fields are vulnerable.
XSS payload used : "><script>alert(1)</script>
* Click On Save Changes. then visit to Setting tab again or reload it. XSS will popup.