## https://sploitus.com/exploit?id=WPEX-ID:48DCCF4C-07E0-4877-867D-F8F43AEB5705
v < 1.5.7
Add/edit a custom field (/wp-admin/admin.php?option=com_vikbooking&task=customf) and put the following payload in the Field Name or Popup Link fields: "autofocus/onfocus=alert(/XSS/)//
The XSS will be triggered when editing the Custom Field again
v < 1.5.8
Add the following payload in the Admin Email settings (at /wp-admin/admin.php?option=com_vikbooking&task=config): "autofocus/onfocus=alert(/XSS/)//
Other settings were also affected