cvedb.io
CVE-2022-0404
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2022-04-04T16:15:09.150 · Last modified 2026-06-17T04:20:32.550

Summary

The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site.

Affected products

material_design_for_contact_form_7_project — material_design_for_contact_form_7

Does this affect you?

Add your gear to cvedb and we'll alert you only when material_design_for_contact_form_7_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.