5 matches found
CVE-2024-9942
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJgmgtuseravatarimageupload function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload...
CVE-2024-9942
creationtimestamp| type| source ---|---|--- 2024-11-23 07:55:23+00:00| seen| https://infosec.exchange/users/cve/statuses/113531192809073996 2026-06-21 05:07:07+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3morlzown2k2n...
CVE-2024-9942 WPGYM <= 67.1.0 - Unauthenticated Arbitrary File Upload
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJgmgtuseravatarimageupload function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload...
CVE-2024-9942
The CVE-2024-9942 entry concerns the WPGYM WordPress Gym Management System plugin. A missing file-type validation in MJ_gmgt_user_avatar_image_upload() allows unauthenticated arbitrary file uploads on all versions up to 67.1.0, potentially enabling remote code execution on the affected site. Conn...
CVE-2024-9942 WPGYM <= 67.1.0 - Unauthenticated Arbitrary File Upload
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJgmgtuseravatarimageupload function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload...