While booking an appointment, paste the following script in the "Mobile phone" field:

" onmouseover=alert(1234);//

Next, as an administrator, view https://vulnerable-site.tld/wp-admin/edit.php?post_type=sln_booking and hover over the Tel. part of that new entry's username column.
This can also be exploited by sending the sln[sms_prefix] parameter, which you may have to create in the form like so:
While booking an appointment, fill most fields with valid user information, then use your browser's inspector to rename the "Address" input field's name from sln[address] to sln[sms_prefix], and set its value to "onmousemove=alert(123);//.
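
Both cases come down to a stored phone value being written back into the admin page's HTML without escaping. The sketch below is an added illustration, not the plugin's code: the function names and the tel: link markup are hypothetical, and it assumes the value lands in a double-quoted attribute. It shows the unescaped output beside an escaped one, plus an allow-list check on input.

```php
<?php
// Hypothetical stand-in for the admin list rendering; not the plugin's code.
// Assumption: the stored phone value is echoed inside a double-quoted attribute.

function render_tel_unsafe(string $prefix, string $phone): string {
    // Vulnerable pattern: stored values concatenated into markup as-is,
    // so a double quote in the value closes the attribute.
    return '<a href="tel:' . $prefix . $phone . '">' . $prefix . $phone . '</a>';
}

function render_tel_safe(string $prefix, string $phone): string {
    // Escape at output time for the HTML context. In WordPress, esc_attr()
    // and esc_html() fill this role; htmlspecialchars() keeps the sketch stand-alone.
    $value = htmlspecialchars($prefix . $phone, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="tel:' . $value . '">' . $value . '</a>';
}

function validate_phone_fields(string $prefix, string $phone): bool {
    // Allow-list on input: the prefix is an optional "+" and up to four digits,
    // the number is digits plus common separators. Anything else is rejected.
    return preg_match('/^\+?[0-9]{0,4}$/', $prefix) === 1
        && preg_match('/^[0-9 ().-]{3,20}$/', $phone) === 1;
}

$samples = [
    ['+39', '333 1234567'],                        // constructed benign value
    ['', '" onmouseover=alert(1234);//'],          // "Mobile phone" value from the text above
    ['"onmousemove=alert(123);//', '3331234567'],  // sln[sms_prefix] value from the text above
];

foreach ($samples as [$prefix, $phone]) {
    echo 'accepted: ', validate_phone_fields($prefix, $phone) ? 'yes' : 'no', "\n";
    echo 'unsafe:   ', render_tel_unsafe($prefix, $phone), "\n";
    echo 'safe:     ', render_tel_safe($prefix, $phone), "\n\n";
}
```

Validation on input and escaping on output are independent controls: values already stored before validation was added are only neutralized by the output escaping.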