CVE-2026-1650

The CVE concerns the MDJM Event Management plugin for WordPress. A missing capability check in the custom_fields_controller allows unauthenticated attackers to modify data by deleting arbitrary custom event fields via delete_custom_field and id parameters. Affected versions include all up to 1.7....

CVE-2025-13361

CVE-2025-13361 : The Web to SugarCRM Lead plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) up to version 1.0.0 due to missing nonce validation on the custom field deletion function. This enables unauthenticated attackers to delete custom fields by tricking a site administra...