Reflected Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress All-in-one Floating Contact Form plugin (versions <= 2.0.3).
Update the WordPress All-in-one Floating Contact Form plugin to the latest available version (at least 2.0.4).