VYPR

Wpgym Wordpress Gym Management System

by WordPress

CVEs (5)

  • CVE-2017-14844HigSep 28, 2017
    risk 0.60cvss 8.8epss 0.03

    Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.

  • CVE-2025-7049HigSep 10, 2025
    risk 0.57cvss 8.8epss 0.00

    The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to missing validation on a user controlled key. This makes it possible for…

  • CVE-2025-3671HigAug 16, 2025
    risk 0.57cvss 8.8epss 0.01

    The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 67.7.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include…

  • CVE-2025-7442HigJul 11, 2025
    risk 0.49cvss 7.5epss 0.00

    The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_expense, MJ_gmgt_get_monthly_income_expense, MJ_gmgt_add_class_limit,…

  • CVE-2024-9941Nov 23, 2024
    risk 0.00cvss epss 0.01

    The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers,…