2 matches found
CVE-2025-7442
CVE-2025-7442 affects the WPGYM WordPress plugin, with an SQL Injection vulnerability present in versions up to 67.8.0. The flaw arises from insufficient parameter escaping and lack of proper query preparation in these functions: MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_ex...
CVE-2024-9942
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJgmgtuseravatarimageupload function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload...