Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Reflected XSS. This issue affects Mobile DJ Manager: from n/a through <= 1.7.5.6.
Published: 2025-01-24
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The MDJM Mobile DJ Manager plugin for WordPress contains a reflected cross‑site scripting flaw that results in improper neutralization of user‑supplied input during page rendering. An attacker can inject arbitrary JavaScript into a page that is immediately returned, potentially leading to session hijacking, cookie theft, or other client‑side attacks. The underlying weakness is a failure to escape or encode output, classified as CWE‑79.

Affected Systems

Any installation of the Mobile DJ Manager plugin up to and including version 1.7.5.6 is vulnerable, regardless of the underlying WordPress core version. Sites that have installed any version in that range are affected.

Risk and Exploitability

The reported CVSS score of 7.1 indicates a serious risk. With an EPSS score of less than 1%, the likelihood of automated exploitation is low, and the flaw is not currently listed in the CISA KEV catalog. The typical attack path requires an attacker to craft a URL or form submission that the plugin echoes back, so an unauthenticated user or one with permission to submit requests can trigger the vulnerability.

Generated by OpenCVE AI on May 1, 2026 at 19:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Mobile DJ Manager plugin to version 1.7.5.7 or later, which implements proper input validation and output encoding.
  • If an immediate upgrade is not feasible, restrict the plugin’s input points to HTTPS only and deploy a web application firewall rule that blocks common cross‑site scripting payloads.
  • Disable or uninstall the Mobile DJ Manager plugin on sites that do not require its functionality until the patch is applied.


Advisories
Source: EUVD
ID: EUVD-2025-2936
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MDJM MDJM Event Management allows Reflected XSS. This issue affects MDJM Event Management: from n/a through 1.7.5.5.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MDJM MDJM Event Management allows Reflected XSS. This issue affects MDJM Event Management: from n/a through 1.7.5.5.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MDJM Mobile DJ Manager mobile-dj-manager allows Reflected XSS. This issue affects Mobile DJ Manager: from n/a through <= 1.7.5.6.

Type: Title
Values Removed: WordPress MDJM Event Management Plugin <= 1.7.5.5 - Reflected Cross Site Scripting (XSS) vulnerability
Values Added: WordPress MDJM Event Management Plugin <= 1.7.5.6 - Reflected Cross Site Scripting (XSS) vulnerability

References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Fri, 24 Jan 2025 11:00:00 +0000

Type: Description
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MDJM MDJM Event Management allows Reflected XSS. This issue affects MDJM Event Management: from n/a through 1.7.5.5.

Type: Title
Values Added: WordPress MDJM Event Management Plugin <= 1.7.5.5 - Reflected Cross Site Scripting (XSS) vulnerability

Type: Weaknesses
Values Added: CWE-79

References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:05.479Z

Reserved: 2025-01-07T21:03:35.333Z

Link: CVE-2025-22714

Vulnrichment

Updated: 2025-02-12T19:56:24.185Z

NVD

Status: Deferred

Published: 2025-01-24T11:15:09.823

Modified: 2026-06-17T08:49:29.383

Link: CVE-2025-22714

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T19:15:24Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')