WordPress RSVPMaker plugin is prone to a persistent XSS vulnerability. The RSVP form does not properly sanitize input fields. This vulnerability will fire when the admin views the event's attendance list in the RSVP report section.
Update the plugin.
Type XSS (Cross Site Scripting) OWASP Top 10 A3: Cross Site Scripting (XSS)