Arbitrary File Upload Vulnerability in MDJM Event Management Plugin by WordPress
CVE-2026-7537

7.2HIGH

Key Information:

Vendor

WordPress

Vendor
CVE Published:
6 June 2026

What is CVE-2026-7537?

The MDJM Event Management plugin for WordPress allows authenticated users with administrator-level access to upload files without any validation of file types, extensions, or MIME types. This vulnerability can lead to remote code execution, enabling attackers to upload potentially harmful executable files, posing significant security risks.

Affected Version(s)

MDJM Event Management 0 <= 1.7.8.3

References

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ryan Kozak
.