## https://sploitus.com/exploit?id=WPEX-ID:5D5DA91E-3F34-46B0-8DB2-354A88BDF934
Using a Contributor+ account and a proxy interceptor such as Burp Suite, create an event.
Change the event_location parameter name in the request to event_author, and feed it an ID of an admin (example ID 1).
Submit the request, and the event will be created, reflecting that it was created by X admin (the username of the ID used in step 2).