cleantalk
Vulnerabilities and Security Researches

MDJM Event Management, CVE-2026-1650

CVE, Research URL

CVE-2026-1650

Home page URL

Security reports for MDJM Event Management

Application

MDJM Event Management

Published on
Mar 07, 2026
Research Description
The MDJM Event Management plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the 'custom_fields_controller' function in all versions up to, and including, 1.7.8.1. This makes it possible for unauthenticated attackers to delete arbitrary custom event fields via the 'delete_custom_field' and 'id' parameters.
Affected versions
max 1.7.8.2.
Status
vulnerable
Previous vulnerability researches
MDJM Event Management (CVE-2025-52824) , Jul 03, 2025
MDJM Event Management (CVE-2025-22714) , Jan 26, 2025
MDJM Event Management (CVE-2025-31074) , Apr 02, 2025
MDJM Event Management (CVE-2026-1650) , Apr 14, 2026
MDJM Event Management (CVE-2026-7537) , Jun 07, 2026
New vulnerability
Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress (CVE-2026-6448) , Jun 07, 2026
RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator (CVE-2026-8976) , Jun 07, 2026
EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg (CVE-2026-7796) , Jun 07, 2026
Backup, Restore and Migrate WordPress Sites With the XCloner Plugin (CVE-2026-48965) , Jun 07, 2026
WP User Manager – User Profile Builder & Membership (CVE-2026-9290) , Jun 07, 2026