## https://sploitus.com/exploit?id=WPEX-ID:75A67932-D831-4DFB-A70D-A07650EAA755
Create a new Calendar (Appointment Hour Booking > Add new)
Put the following payload in the Form Settings > "Form Name" and "Description" fields: <img src onerror=alert(/XSS/)>
Click the "Save Changed and Return" button
The XSS will be triggered
- When editing the calendar again in the admin dashboard
- In posts/page where the calendar is embed