## https://sploitus.com/exploit?id=WPEX-ID:3D15F589-956C-4C71-98B1-3BA89D22262C
While booking an appointment, paste the following script in the "Mobile phone" field:

" onmouseover=alert(1234);//

Then, as an administrator, open https://vulnerable-site.tld/wp-admin/edit.php?post_type=sln_booking and hover over the Tel. part of the new entry's username column. The leading `"` closes the attribute the phone number is printed into, so the injected onmouseover handler becomes a real attribute and fires on hover.

The same issue can also be reached through the sln[sms_prefix] parameter, which the booking form may not expose as a field, so you have to create it yourself: while booking an appointment, fill most fields with valid user information, then use your browser's inspector to rename the "Address" input's name from sln[address] to sln[sms_prefix] and set its value to "onmousemove=alert(123);// (no space after the quote is needed; the parser still starts a new attribute there).
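The following is an added example, not code from the advisory or from the plugin, showing why both payloads above break out of an HTML attribute and why attribute-context escaping stops them. The markup of the admin list cell (`Tel. <a href="tel:...">...</a>`) is an assumption made for illustration; the hardened variant escapes the value the way WordPress's esc_attr() does (`"`, `'`, `<`, `>`, `&`). The rendered markup is run through Python's HTML parser so you can see which attributes a browser-like tokenizer ends up with.

```python
# Added example (not the plugin's code). Demonstrates attribute break-out by the
# two payloads from the advisory and the effect of esc_attr-style escaping.
import html
from html.parser import HTMLParser

# Payloads exactly as given in the advisory.
PAYLOADS = {
    "mobile_phone": '" onmouseover=alert(1234);//',
    "sms_prefix": '"onmousemove=alert(123);//',
}


def render_vulnerable(value: str) -> str:
    """Assumed vulnerable cell: the booking value is concatenated straight into
    an attribute and a text node without any escaping."""
    return f'Tel. <a href="tel:{value}">{value}</a>'


def render_hardened(value: str) -> str:
    """Same cell with the value escaped for the attribute context (what
    esc_attr() does in WordPress) and for the text node."""
    return (f'Tel. <a href="tel:{html.escape(value, quote=True)}">'
            f'{html.escape(value)}</a>')


class AttrCollector(HTMLParser):
    """Record the attributes the parser assigns to each start tag."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def attributes_of(markup: str) -> dict:
    """Attributes of the first tag in the markup (the <a> in our cell)."""
    p = AttrCollector()
    p.feed(markup)
    p.close()
    return p.tags[0][1] if p.tags else {}


def event_handlers(markup: str) -> list:
    """Names of any on* attributes that landed on the tag. A regression test
    for the admin page should assert this list is empty."""
    return sorted(name for name in attributes_of(markup) if name.startswith("on"))


if __name__ == "__main__":
    for field, payload in PAYLOADS.items():
        vuln = render_vulnerable(payload)
        safe = render_hardened(payload)
        print(f"{field}: vulnerable -> handlers {event_handlers(vuln)}")
        print(f"{field}: hardened   -> handlers {event_handlers(safe)}, "
              f"href={attributes_of(safe)['href']!r}")
```

In the vulnerable rendering the quote in the payload terminates the href value and the rest of the string is parsed as a new attribute, which is exactly what makes the hover trigger the alert; in the hardened rendering the whole payload, quote included, stays inside the href value as inert text. The second payload shows that the space after the closing quote is optional, since the tokenizer begins a new attribute name immediately after a quoted value ends.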