Arbitrary File Upload Vulnerability in MDJM Event Management Plugin by WordPress
CVE-2026-7537
7.2HIGH
What is CVE-2026-7537?
The MDJM Event Management plugin for WordPress allows authenticated users with administrator-level access to upload files without any validation of file types, extensions, or MIME types. This vulnerability can lead to remote code execution, enabling attackers to upload potentially harmful executable files, posing significant security risks.
Affected Version(s)
MDJM Event Management 0 <= 1.7.8.3