CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVE-2026-7537

The CVE concerns the MDJM Event Management WordPress plugin (≤ 1.7.8.3). The vulnerability is an Arbitrary File Upload via the mdjm_send_comm_email function, caused by lack of validation for file type, extension, and MIME type on uploads. This enables authenticated attackers with administrator-le...

CVE-2026-7537 MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

EUVD-2026-34948

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVE-2026-7537 MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjmsendcommemail function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

Exploit for CVE-2026-7537

MDJM Event Management = 1.7.8.3 - Authenticated Administrato...

CVE-2026-1650

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

CVE-2026-1650

The CVE concerns the MDJM Event Management plugin for WordPress. A missing capability check in the custom_fields_controller allows unauthenticated attackers to modify data by deleting arbitrary custom event fields via delete_custom_field and id parameters. Affected versions include all up to 1.7....

CVE-2026-1650 MDJM Event Management <= 1.7.8.1 - Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'customfieldscontroller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

PT-2026-23811

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'custom fields controller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custo...

EUVD-2025-9071

Malicious code in bioql PyPI...

EUVD-2025-2936

Malicious code in bioql PyPI...

CVE-2025-31074

Deserialization of Untrusted Data vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Object Injection.This issue affects Mobile DJ Manager: from n/a through = 1.7.5.2...

CVE-2025-31074

Deserialization of Untrusted Data vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Object Injection.This issue affects Mobile DJ Manager: from n/a through = 1.7.5.2...

CVE-2025-31074 WordPress MDJM Event Management plugin <= 1.7.5.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Object Injection.This issue affects Mobile DJ Manager: from n/a through = 1.7.5.2...

CVE-2025-31074

CVE-2025-31074 describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin MDJM Event Management . The issue enables PHP object injection via the plugin’s authenticated path and affects versions listed as up to 1.7.5.2 (the vulnerable range is indicated as from n/a through...

WordPress plugin MDJM Event Management 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

PT-2025-14075 · Unknown · Mdjm Event Management

Name of the Vulnerable Software and Affected Versions: MDJM Event Management versions 1.7.5.2 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in MDJM Event Management. Recommendations: For MDJM Event Management versions 1.7.5.2 and...

WordPress MDJM Event Management plugin <= 1.7.5.2 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by LVT-tholv2k in WordPress Plugin Mobile DJ Manager versions = 1.7.5.2...