CVE-2024-22134 is a CWE-918 SSRF vulnerability in Renzo Johnson's Contact Form 7 Extension For Mailchimp, affecting versions through 0.5.70. SSRF vulnerabilities allow attackers to make the vulnerable server perform HTTP requests to arbitrary domains or internal systems. This issue has a CVSS 3.1 base score of 4.9 (medium severity) with network attack vector, high attack complexity, low privileges required, no user interaction, and impacts confidentiality and integrity with no impact on availability. No patch or official remediation level has been disclosed by the vendor as of the publication date.

An attacker with low privileges can exploit this SSRF vulnerability to cause the server to send crafted requests to internal or external systems, potentially exposing sensitive information or manipulating data. The impact is limited to partial confidentiality and integrity loss, with no direct availability impact. There are no known active exploits reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or temporary workaround is currently available, users should monitor vendor communications for updates. Until a patch is released, consider restricting outbound HTTP requests from the server hosting the plugin to reduce SSRF risk if feasible.