Authenticated Stored Cross-Site Scripting (XSS) vulnerability was discovered by Raad Haddad in the WordPress Simply Schedule Appointments plugin (versions <= 1.5.7.6).
Update the WordPress Simply Schedule Appointments plugin to the latest available version (at least 1.5.7.7).