Mojoomla Wordpress Gym Management System vulnerabilities
2 known vulnerabilities affecting mojoomla/wordpress_gym_management_system.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1
Vulnerabilities
CVE-2024-9942 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | fixed in 67.2.0 | 2024-11-23
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server whic
nvd
CVE-2024-9941 | P3 | HIGH | CVSS 8.8 | CWE-269 | fixed in 67.2.0 | 2024-11-23
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new user accounts with the
nvd