Wpgym Wordpress Gym Management System
by WordPress
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14844 | | High | 0.60 | 8.8 | 0.03 | | Sep 28, 2017 | Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter. |
| CVE-2025-7049 | | High | 0.57 | 8.8 | 0.00 | | Sep 10, 2025 | The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to missing validation on a user controlled key. This makes it possible for… |
| CVE-2025-3671 | | High | 0.57 | 8.8 | 0.01 | | Aug 16, 2025 | The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include… |
| CVE-2025-7442 | | High | 0.49 | 7.5 | 0.00 | | Jul 11, 2025 | The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_expense, MJ_gmgt_get_monthly_income_expense, MJ_gmgt_add_class_limit,… |
| CVE-2024-9941 | | | 0.00 | — | 0.01 | | Nov 23, 2024 | The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers,… |