The Events Calendar plugin for WordPress has a security issue that can be exploited by hackers. This vulnerability, present in versions up to 6.5.1.4, is caused by a lack of proper validation when restoring events through the action_restore_events() function. This means that attackers who are not logged in to the site can manipulate a site administrator into restoring events by tricking them into clicking on a link.