WordPress WPGYM - Wordpress Gym Management System plugin <= 67.7.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update vulnerability

WordPress WPGYM - Wordpress Gym Management System plugin = 67.7.0 - Authenticated Subscriber+ Local File Inclusion to Privilege Escalation via Password Update vulnerability discovered by WordFence in WordPress Plugin WPGYM versions = 67.7.0...

WordPress WPGYM plugin <= 67.7.0 - Missing Authorization to Admin Account Creation vulnerability

Missing Authorization to Admin Account Creation vulnerability discovered by Foxyyy in WordPress Plugin WPGYM versions = 67.7.0...

WordPress WPGYM Plugin <= 67.1.0 is vulnerable to Broken Access Control

Software WPGYM Type Plugin Vulnerable versions = 67.1.0 Fixed in 67.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-9941 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 71c6636a78f1 Credits Tonn Required privilege Subscriber...

WordPress WPGYM Plugin <= 67.1.0 is vulnerable to Arbitrary File Upload

Software WPGYM Type Plugin Vulnerable versions = 67.1.0 Fixed in 67.2.0 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2024-9942 Patch priority High CVSS severity High 10 Developer Claim ownership PSID 58875029db47 Credits Tonn Required privilege Unauthenticated Published...