2 matches found
CVE-2022-0404
The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7mddismissnotice action, allowing any logged in user with roles as low as Subscriber to set...
CVE-2022-0404
The CVE-2022-0404 issue affects the Material Design for Contact Form 7 WordPress plugin (versions ≤ 2.6.4). The root cause is missing authorization checks in the cf7md_dismiss_notice handling, allowing any logged‑in user (even Subscriber) to set arbitrary plugin options to true, potentially causi...