## https://sploitus.com/exploit?id=WPEX-ID:87CE3C59-B234-47BF-ABCA-E690B53BBE82
1. Create an event page using the plugin.
2. Access the page using an account with Subscriber role.
3. In the 'User notes' section, inject the following XSS payload: `<img src=q onerror=prompt(/XSS/)>`