## https://sploitus.com/exploit?id=WPEX-ID:479704D8-057B-4642-B84A-4A78567BA20B
As a Staff Member, put the following payload in your Full Name (Booklyn --> Profile --> Edit --> Full Name): <script>alert(/XSS/)</script>
The XSS will be triggered when an admin open the Staff members order page (Booklyn --> Staff Members --> Staff member order)