Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27569

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.00284EPSS
Exploits0References2
NVD
NVD
added 2025/09/10 7:15 a.m.5 views

CVE-2025-7049

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJgmgtgmgtadduser' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...

8.8CVSS0.00284EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.5 views

PT-2025-37016

Name of the Vulnerable Software and Affected Versions: WPGYM - Wordpress Gym Management System plugin for WordPress versions prior to 67.7.1 Description: The plugin is susceptible to privilege escalation due to missing validation on a user-controlled key within the MJ gmgt gmgt add user function...

8.8CVSS6.6AI score0.00284EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/08/16 3:38 a.m.11 views

CVE-2025-6080 WPGYM <= 67.7.0 - Missing Authorization to Admin Account Creation

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and including, 67.7.0. This is due to the plugin not properly validating a user's capabilities prior to adding users. This makes it possible for authenticat...

8.8CVSS0.00292EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/08/16 12:0 a.m.7 views

PT-2025-33521 · WordPress · Wpgym - Wordpress Gym Management System

Name of the Vulnerable Software and Affected Versions: WPGYM - Wordpress Gym Management System plugin versions prior to 67.7.1 Description: The WPGYM - Wordpress Gym Management System plugin for WordPress is susceptible to Local File Inclusion via the page parameter. This allows authenticated...

8.8CVSS7.3AI score0.00693EPSS
Exploits0References9
CVE
CVE
added 2025/07/11 7:23 a.m.29 views

CVE-2025-7442

CVE-2025-7442 affects the WPGYM WordPress plugin, with an SQL Injection vulnerability present in versions up to 67.8.0. The flaw arises from insufficient parameter escaping and lack of proper query preparation in these functions: MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_ex...

7.5CVSS7.2AI score0.00327EPSS
Exploits0References2
NVD
NVD
added 2024/11/23 8:15 a.m.25 views

CVE-2024-9942

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJgmgtuseravatarimageupload function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload...

9.8CVSS0.01145EPSS
Exploits0References2
OSV
OSV
added 2024/11/23 8:15 a.m.3 views

CVE-2024-9941

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJgmgtaddstaffmember function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level...

8.8CVSS7.3AI score0.00582EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2017/09/06 12:0 a.m.78 views

WordPress Gym Management System 07-05-2017 Code Execution / Cross Site Scripting

Exploit Title: WPGYM - Wordpress Gym Management System Member View Add weight Upload image shell.png.php Save Measurement An alert will warn you about incorrect file type but it will still upload it. Go to Workouts View Measurement Right Click on Image View Image or Copy Image URL Paste on your...

Exploits0
Rows per page
Query Builder