Medium severity6.5NVD Advisory· Published Apr 4, 2022· Updated Jun 17, 2026
CVE-2022-0404
CVE-2022-0404
Description
The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Material Design for Contact Form 7 WordPress plugindescription
- Range: <=2.6.4
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/6d0932bb-d515-4432-b67b-16aba34bd285nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.