The Easy PayPal Events plugin for WordPress is potentially vulnerable to Reflected Cross-Site Scripting (XSS). In this type of attack, an attacker sends malicious code through a website to a user’s browser. If the user performs an action such as clicking a link, the malicious code can execute and cause harm. Versions of the plugin up to and including 1.1.1 do not sufficiently protect against this type of attack because of inadequate input sanitization and output escaping. This means an unauthenticated attacker could inject malicious web scripts into pages, and those scripts execute if the user performs such an action. To address these issues, several security fixes have been made in versions up to 1.1.7.
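To check an installation against the version numbers given above, the following added example (not code from the plugin or its vendor) reads the `Version:` field from a plugin's main PHP file and classifies it. The function names, the `intermediate` label and the sample header are assumptions made for illustration.

```shell
#!/bin/sh
# Added triage example; not code from the plugin or from the advisory.

# Print the Version: field of a WordPress plugin header ($1 = main PHP file).
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9A-Za-z.+-]*\).*$/\1/p' "$1" | head -n 1
}

# Return 0 when dotted version $1 <= $2, comparing each field as a number
# (a plain string compare would wrongly sort 1.1.10 before 1.1.7).
version_le() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop suffixes such as "-beta"
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Thresholds from the advisory text: <= 1.1.1 affected, fixes landed up to 1.1.7.
# "intermediate" is this example's label (assumption) for releases in between.
classify() {
    v=$1
    if [ -z "$v" ]; then echo unknown
    elif version_le "$v" 1.1.1; then echo affected
    elif version_le 1.1.7 "$v"; then echo fixed
    else echo intermediate
    fi
}

# Run the check on a constructed plugin header (sample data, not the real file).
demo() {
    f=$(mktemp)
    printf '%s\n' '<?php' '/*' ' * Plugin Name: Sample Plugin (constructed)' \
        ' * Version: 1.1.1' ' */' > "$f"
    found=$(plugin_version "$f")
    rm -f "$f"
    echo "$found $(classify "$found")"
}

demo   # prints: 1.1.1 affected
```

On a real site, pass the path of the plugin's main PHP file to `plugin_version` and feed the result to `classify`.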