CVE-2026-7537
HIGH
7.2
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Description
The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type, extension, or MIME type validation being performed on uploaded files. This makes it possible for authenticated attackers, with administrator-level access and above, to upload files that may be executable, which makes remote code execution possible.
CWE-434: Unrestricted Upload of File with Dangerous Type
Draft
Common Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Applicable Platforms
Languages:
ASP.NET, PHP, Not Language-Specific
Technologies:
Web Server, AI/ML
https://github.com/d0n601/CVE-2026-7537
https://plugins.trac.wordpress.org/browser/mobile-dj-manager/tags/1.7.8.2/inclu…
https://plugins.trac.wordpress.org/browser/mobile-dj-manager/tags/1.7.8.2/inclu…
https://plugins.trac.wordpress.org/browser/mobile-dj-manager/tags/1.7.8.3/inclu…
https://plugins.trac.wordpress.org/browser/mobile-dj-manager/tags/1.7.8.3/inclu…
https://plugins.trac.wordpress.org/browser/mobile-dj-manager/trunk/includes/adm…
https://plugins.trac.wordpress.org/browser/mobile-dj-manager/trunk/includes/adm…
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&ol…
https://ryankozak.com/posts/cve-2026-7537/
https://www.wordfence.com/threat-intel/vulnerabilities/id/42f37a41-deff-4b17-94…