Wpgym Wordpress Gym Management System
by Dasinfomedia
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14844 | Hig | 0.60 | 8.8 | 0.03 | Sep 28, 2017 | Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. | ||
| CVE-2024-9941 | 0.00 | — | 0.01 | Nov 23, 2024 | The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers,… | |||
| CVE-2024-9942 | 0.00 | — | 0.01 | Nov 23, 2024 | The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all versions up to, and including, 67.1.0. This makes it possible for… |
- risk 0.60cvss 8.8epss 0.03
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
- CVE-2024-9941Nov 23, 2024risk 0.00cvss —epss 0.01
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers,…
- CVE-2024-9942Nov 23, 2024risk 0.00cvss —epss 0.01
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all versions up to, and including, 67.1.0. This makes it possible for…