PT-2026-23811 · WordPress · Mdjm Event Management

Abhirup Konwar

Publicado

2026-03-07

Atualizado

2026-03-07

CVE-2026-1650

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions MDJM Event Management plugin for WordPress versions prior to 1.7.8.2

Description The MDJM Event Management plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check within the custom fields controller function. Unauthenticated attackers can delete arbitrary custom event fields by manipulating the 'delete custom field' and id parameters.

Recommendations Update the MDJM Event Management plugin to version 1.7.8.2 or later.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862

Identificadores relacionados

CVE-2026-1650

Produtos afetados

Mdjm Event Management

PT-2026-23811 · WordPress · Mdjm Event Management

CVE-2026-1650

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10