VR Calendar < 2.3.2 - Unauthenticated Arbitrary Function Call

The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.