Share
## https://sploitus.com/exploit?id=WPEX-ID:10171
Inject XSS via most fields in the booking form, which will then be executed on the Customer-booking admin page, when viewed by an authenticated administrator.