27 matches found

RedhatCVE
added 2026/06/07 8:59 a.m. · 15 views

CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVSS 7.2 · AI score 6.3 · EPSS 0.00659
Exploits: 1 · References: 1
ATTACKERKB
added 2026/06/06 2:28 a.m. · 10 views

CVE-2026-7537

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVSS 7.2 · AI score 6.3 · EPSS 0.00659
Exploits: 1 · References: 11
Vulnrichment
added 2026/06/06 2:28 a.m. · 11 views

CVE-2026-7537 MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVSS 7.2 · AI score 6.3 · EPSS 0.00659
Exploits: 1 · References: 10
Cvelist
added 2026/06/06 2:28 a.m. · 38 views

CVE-2026-7537 MDJM Event Management <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload via 'mdjm_email_upload_file' Parameter

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVSS 7.2 · EPSS 0.00659
Exploits: 1 · References: 10
CVE
added 2026/06/06 2:28 a.m. · 42 views

CVE-2026-7537

The CVE concerns the MDJM Event Management WordPress plugin (≤ 1.7.8.3). The vulnerability is an Arbitrary File Upload via the mdjm_send_comm_email function, caused by lack of validation for file type, extension, and MIME type on uploads. This enables authenticated attackers with administrator-le...

CVSS 7.2 · AI score 6.3 · EPSS 0.00659
Exploits: 1 · References: 10
EUVD
added 2026/06/06 2:28 a.m. · 14 views

EUVD-2026-34948

The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for...

CVSS 7.2 · AI score 6.3 · EPSS 0.00659
Exploits: 1 · References: 10
Patchstack
added 2026/06/05 2:20 p.m. · 9 views

WordPress MDJM Event Management plugin <= 1.7.8.3 - Authenticated (Administrator+) Arbitrary File Upload vulnerability

Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Ryan Kozak in WordPress Plugin Mobile DJ Manager versions <= 1.7.8.3...

CVSS 7.2 · AI score 5.4 · EPSS 0.00659
Exploits: 1 · References: 1 · Affected Software: 1
GithubExploit
added 2026/04/30 7:30 p.m. · 36 views

Exploit for CVE-2026-7537

MDJM Event Management <= 1.7.8.3 - Authenticated Administrato...

CVSS 7.2 · AI score 6.1 · EPSS 0.00659
Exploits: 1
NVD
added 2026/03/07 2:16 a.m. · 4 views

CVE-2026-1650

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'custom_fields_controller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

CVSS 5.3 · EPSS 0.00262
Exploits: 0 · References: 4
CVE
added 2026/03/07 1:21 a.m. · 20 views

CVE-2026-1650

The CVE concerns the MDJM Event Management plugin for WordPress. A missing capability check in the custom_fields_controller allows unauthenticated attackers to modify data by deleting arbitrary custom event fields via delete_custom_field and id parameters. Affected versions include all up to 1.7....

CVSS 5.3 · AI score 5.9 · EPSS 0.00262
Exploits: 0 · References: 4
Cvelist
added 2026/03/07 1:21 a.m. · 26 views

CVE-2026-1650 MDJM Event Management <= 1.7.8.1 - Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'custom_fields_controller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom...

CVSS 5.3 · EPSS 0.00262
Exploits: 0 · References: 4
Positive Technologies
added 2026/03/07 12:0 a.m. · 6 views

PT-2026-23811

The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'custom fields controller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custo...

CVSS 5.3 · AI score 5.9 · EPSS 0.00262
Exploits: 0 · References: 5
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-2936

Malicious code in bioql PyPI...

CVSS 7.1 · AI score 8.7 · EPSS 0.00241
Exploits: 0 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-9071

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.9 · EPSS 0.00578
Exploits: 0 · References: 2
RedhatCVE
added 2025/04/03 9:38 a.m. · 6 views

CVE-2025-31074

Deserialization of Untrusted Data vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Object Injection. This issue affects Mobile DJ Manager: from n/a through <= 1.7.5.2...

CVSS 8.8 · AI score 7.2 · EPSS 0.00578
Exploits: 0 · References: 1
NVD
added 2025/04/01 6:15 a.m. · 15 views

CVE-2025-31074

Deserialization of Untrusted Data vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Object Injection. This issue affects Mobile DJ Manager: from n/a through <= 1.7.5.2...

CVSS 8.8 · EPSS 0.00578
Exploits: 0 · References: 1
Cvelist
added 2025/04/01 5:31 a.m. · 14 views

CVE-2025-31074 WordPress MDJM Event Management plugin <= 1.7.5.2 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Object Injection. This issue affects Mobile DJ Manager: from n/a through <= 1.7.5.2...

CVSS 8.8 · EPSS 0.00578
Exploits: 0 · References: 1
CVE
added 2025/04/01 5:31 a.m. · 56 views

CVE-2025-31074

CVE-2025-31074 describes a Deserialization of Untrusted Data vulnerability in the WordPress plugin MDJM Event Management. The issue enables PHP object injection via the plugin’s authenticated path and affects versions listed as up to 1.7.5.2 (the vulnerable range is indicated as from n/a through...

CVSS 8.8 · AI score 7.2 · EPSS 0.00578
Exploits: 0 · References: 1
Positive Technologies
added 2025/04/01 12:0 a.m. · 3 views

PT-2025-14075 · Unknown · Mdjm Event Management

Name of the Vulnerable Software and Affected Versions: MDJM Event Management versions 1.7.5.2 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in MDJM Event Management. Recommendations: For MDJM Event Management versions 1.7.5.2 and...

CVSS 8.8 · AI score 9.2 · EPSS 0.00578
Exploits: 0 · References: 6
CNNVD
added 2025/04/01 12:0 a.m. · 3 views

WordPress plugin MDJM Event Management code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...

CVSS 8.8 · AI score 8.4 · EPSS 0.00578
Exploits: 0 · References: 2