Impact
The vulnerability is a missing authorization check in the Mobile DJ Manager plugin: a privileged operation is exposed without verifying that the caller actually holds the capability it requires. Because the plugin does not enforce this permission check, a user who can reach the plugin's administrative interface can elevate privileges and perform actions reserved for administrators. This exposure can lead to unauthorized content manipulation, configuration changes, or further exploitation of the WordPress site.
Affected Systems
MDJM's Mobile DJ Manager plugin for WordPress, affecting all installations running versions n/a (no lower bound given) through 1.7.8.3. Any site still running 1.7.8.3 or earlier is affected until it updates to a later release. The plugin runs within the WordPress environment, so any site hosting the plugin is potentially at risk.
Risk and Exploitability
The CVSS score of 8.8 indicates high severity, while the EPSS score of less than 1% shows a low probability of exploitation at present, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is the plugin's web interface, where an attacker submits crafted requests to the handler that lacks the authorization check. Once an attacker holds an account with a role that can reach the plugin, privilege escalation occurs without any further authorization check being applied, so obtaining such an account is the only prerequisite. The absence of publicly disclosed exploits suggests that the window for exploitation is still narrow, but the high severity warrants immediate remediation.
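The bug class described in the Impact and Risk sections is a privileged WordPress action reachable by any logged-in user because the handler never checks capabilities. The following is an added, hypothetical illustration of that pattern and its fix; it is not Mobile DJ Manager's code, and the hook names (`wp_ajax_example_*`), option name (`example_plugin_setting`) and nonce action are made up for the example. Only the WordPress functions used (`current_user_can`, `check_ajax_referer`, `update_option`, `wp_send_json_*`) are real APIs.

```php
<?php
// Added illustration of a missing-authorization bug in a WordPress plugin
// and its hardened form. Hook, option and nonce names are hypothetical.

// --- Vulnerable pattern ---------------------------------------------------
// Hooking wp_ajax_* only requires that the caller be logged in; it says nothing
// about the caller's role. Without a capability check, a low-privileged
// account can invoke an administrator-only operation.
function example_save_settings_vulnerable() {
    $value = isset( $_POST['setting'] )
        ? sanitize_text_field( wp_unslash( $_POST['setting'] ) )
        : '';
    // Changing site options is an administrator-level action, yet nothing
    // here verifies that the caller is allowed to do it.
    update_option( 'example_plugin_setting', $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_save_settings_vulnerable', 'example_save_settings_vulnerable' );

// --- Hardened pattern ----------------------------------------------------
function example_save_settings_hardened() {
    // 1. Authorization: the caller must hold the capability the action needs.
    //    This is the check whose absence produces the class of flaw above.
    if ( ! current_user_can( 'manage_options' ) ) {
        // Log the denial so unexpected attempts are visible to the site owner.
        error_log( sprintf( 'example plugin: denied settings change for user %d', get_current_user_id() ) );
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. Request integrity: a nonce tied to this action must accompany the
    //    request, which stops a cross-site request from driving an admin's browser.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // 3. Input handling: unslash and sanitize before storing.
    $value = isset( $_POST['setting'] )
        ? sanitize_text_field( wp_unslash( $_POST['setting'] ) )
        : '';
    update_option( 'example_plugin_setting', $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_hardened' );
```

When auditing a plugin for this flaw, look at every `wp_ajax_*`, `admin_post_*`, REST route and `admin-page` form handler that mutates state and confirm the capability check sits inside the handler itself (menu registration with a capability argument only gates the page, not the request). The `error_log` line in the hardened version gives the site owner a simple signal for failed attempts in the PHP error log.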
OpenCVE Enrichment
EUVD