## https://sploitus.com/exploit?id=WPEX-ID:0EB07CC8-8A19-4E01-AB90-844495413453
As unauthenticated, book an Event, and put the following payload in the Buyer Info First or Last Name: <svg/onload=alert(/XSS/)>
The XSS will be triggered when admin view the Orders page in the admin dashboard (/wp-admin/edit.php?post_type=tc_orders)
https://www.youtube.com/watch?v=AGs6WqI4VAg