The Events Calendar < 6.4.0.1 - Reflected XSS

The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX.