Vulnerabilities and security researches formobile-dj-manager mobile-dj-manager

Jan 26, 2025

CVE, Research URL: CVE-2025-22714
Home page URL: Security reports for MDJM Event Management
Application: MDJM Event Management
Date: Jan 24, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MDJM MDJM Event Management allows Reflected XSS. This issue affects MDJM Event Management: from n/a through 1.7.5.5.
Affected versions: max 1.7.5.5.
Status: vulnerable

Apr 02, 2025

CVE, Research URL: CVE-2025-31074
Home page URL: Security reports for MDJM Event Management
Application: MDJM Event Management
Date: Apr 01, 2025
Research Description: Deserialization of Untrusted Data vulnerability in MDJM MDJM Event Management allows Object Injection. This issue affects MDJM Event Management: from n/a through 1.7.5.2.
Affected versions: max 1.7.5.3.
Status: vulnerable

Jul 03, 2025

CVE, Research URL: CVE-2025-52824
Home page URL: Security reports for MDJM Event Management
Application: MDJM Event Management
Date: Jun 27, 2025
Research Description: Missing Authorization vulnerability in MDJM Mobile DJ Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Mobile DJ Manager: from n/a through 1.7.6.
Affected versions: max 1.7.6.
Status: vulnerable

Apr 14, 2026

CVE, Research URL: CVE-2026-1650
Home page URL: Security reports for MDJM Event Management
Application: MDJM Event Management
Date: Mar 07, 2026
Research Description: The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'custom_fields_controller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom event fields via the 'delete_custom_field' and 'id' parameters.
Affected versions: max 1.7.8.2.
Status: vulnerable

Jun 07, 2026

CVE, Research URL: CVE-2026-7537
Home page URL: Security reports for MDJM Event Management
Application: MDJM Event Management
Date: Jun 06, 2026
Research Description: The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for authenticated attackers, with administrator-level access and above, to upload files that may be executable, which makes remote code execution possible.
Affected versions: max 1.7.8.4.
Status: vulnerable