Vulnerability CVE-2024-7891
Published: 2024-09-10

Description:
The Floating Contact Button WordPress plugin before 2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

 References:
https://wpscan.com/vulnerability/b584a225-0d91-464d-b1c1-15594274d9d4/
Copyright 2026, cxsecurity.com

 

Back to Top