Share
## https://sploitus.com/exploit?id=WPEX-ID:309296D4-C397-4FC7-85FB-A28B5B5B6A8D
Put the following payload in the "Now closed message" setting and save them: <script>alert(/XSS/)</script>

Then refresh the setting page, or go to a page where the Business Hours are output (tested with the [mbhi ..] shortcode) to trigger the XSS