9 matches found
EUVD-2025-27569
Malicious code in bioql PyPI...
CVE-2025-7049
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJgmgtgmgtadduser' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
PT-2025-37016
Name of the Vulnerable Software and Affected Versions: WPGYM - Wordpress Gym Management System plugin for WordPress versions prior to 67.7.1 Description: The plugin is susceptible to privilege escalation due to missing validation on a user-controlled key within the MJ gmgt gmgt add user function...
CVE-2025-6080 WPGYM <= 67.7.0 - Missing Authorization to Admin Account Creation
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and including, 67.7.0. This is due to the plugin not properly validating a user's capabilities prior to adding users. This makes it possible for authenticat...
PT-2025-33521 · WordPress · Wpgym - Wordpress Gym Management System
Name of the Vulnerable Software and Affected Versions: WPGYM - Wordpress Gym Management System plugin versions prior to 67.7.1 Description: The WPGYM - Wordpress Gym Management System plugin for WordPress is susceptible to Local File Inclusion via the page parameter. This allows authenticated...
CVE-2025-7442
CVE-2025-7442 affects the WPGYM WordPress plugin, with an SQL Injection vulnerability present in versions up to 67.8.0. The flaw arises from insufficient parameter escaping and lack of proper query preparation in these functions: MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_ex...
CVE-2024-9942
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJgmgtuseravatarimageupload function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload...
CVE-2024-9941
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJgmgtaddstaffmember function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level...
WordPress Gym Management System 07-05-2017 Code Execution / Cross Site Scripting
Exploit Title: WPGYM - Wordpress Gym Management System Member View Add weight Upload image shell.png.php Save Measurement An alert will warn you about incorrect file type but it will still upload it. Go to Workouts View Measurement Right Click on Image View Image or Copy Image URL Paste on your...