Das Infomedia WPGYM Gym Management System for WordPress
Approved changes feed: RSS · Atom
cpe:2.3:a:dasinfomedia:wpgym_gym_management_system:-:*:*:*:*:wordpress:*:*
part: a version: - update: *
| Vendor | Dasinfomedia (f71b3358-be41-5266-a8b4-0ec752d5d637) |
|---|---|
| Product | Wpgym Gym Management System (cc999cda-c960-5739-b9be-6cbf386c9448) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-9942 |
vulnerable | 2026-06-08 07:00:28.944518 |
WPGYM <= 67.1.0 - Unauthenticated Arbitrary File Upload
CRITICAL (9.8)
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Published: 2024-11-23T07:38:06.409Z
Updated: 2026-04-08T17:18:21.556Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-9941 |
vulnerable | 2026-06-08 07:00:28.942720 |
WPGYM <= 67.1.0 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation
HIGH (8.8)
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new user accounts with the administrator role.
Published: 2024-11-23T07:38:07.184Z
Updated: 2026-04-08T17:23:39.486Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-14844 |
vulnerable | 2026-06-08 05:08:57.493725 |
Details available
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
Published: 2017-09-27T20:00:00.000Z
Updated: 2024-08-05T19:42:21.423Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.