CVE-2024-11645

Name of the Vulnerable Software and Affected Versions float block WordPress plugin versions 1.7 and earlier

Description The issue concerns the float block WordPress plugin, which does not properly sanitise and escape some of its settings. This could allow high privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a multisite setup.

Recommendations For float block WordPress plugin version 1.7 and earlier, update to a version that properly sanitises and escapes its settings to prevent Stored Cross-Site Scripting attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.