The MF Gig Calendar WordPress plugin up to and including 1.2.1 does not have CSRF checks in some places, which could allow malicious users to make logged in Contributors and above delete arbitrary events via a CSRF attack