MDJM is a web-based event management platform primarily used for organizing weddings and other celebrations. Historically, it has been susceptible to multiple remote code execution vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, often stemming from insufficient input validation and access control issues. The platform's security posture has been impacted by several high-severity CVEs, including cases allowing unauthorized administrative access and arbitrary code execution. These vulnerabilities typically arise in user-facing components like booking forms and dashboard interfaces, posing risks to both event organizers and their clients. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing security challenges in its architecture.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-1650 | MDJM Event Management <= 1.7.8.1 - Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion | MDJM Event Management | CWE-862 | 5.3 | Medium | 2026-03-07 |
| CVE-2025-52824 | WordPress Mobile DJ Manager plugin <= 1.7.8.3 - Privilege Escalation vulnerability | Mobile DJ Manager | CWE-862 | 8.8 | High | 2025-06-27 |
| CVE-2025-31074 | WordPress MDJM Event Management plugin <= 1.7.5.2 - PHP Object Injection vulnerability | Mobile DJ Manager | CWE-502 | 8.8 | High | 2025-04-01 |
| CVE-2025-22714 | WordPress MDJM Event Management Plugin <= 1.7.5.6 - Reflected Cross Site Scripting (XSS) vulnerability | Mobile DJ Manager | CWE-79 | 7.1 | High | 2025-01-24 |
This page lists every published CVE security advisory associated with MDJM. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.