The Events Calendar plugin for WordPress is not secure and can be hacked through the admin settings. This allows attackers with high-level permissions to add harmful scripts to pages that users visit. This only affects certain types of WordPress installations.