CVE-2024-7891
The CVE-2024-7891 entry concerns the Floating Contact Button WordPress plugin (versions before 2.8). The issue is due to inadequate sanitization/escaping of certain settings, enabling Cross-Site Scripting by high-privilege users (e.g., administrators) even when unfiltered_html is disallowed. Publ...