The Quick Event Manager plugin for WordPress is not secure in versions up to and including 9.7.4. People with minimal access to the site such as subscribers can change registration settings that should only be available to site administrators. This means that people with limited access can do more than they should be able to do.