WPGYM
cpe:2.3:a:dasinfomedia:wpgym_gym_management_system:*:*:*:*:wordpress:*:*
- <= 67.7.0
A local file inclusion vulnerability has been identified in the WPGYM - WordPress Gym Management System plugin, affecting all versions through 67.7.0. The vulnerability arises from the 'page' parameter, which is not restricted to the plugin's intended view files, allowing authenticated attackers with Subscriber-level access and above to include and execute arbitrary files on the server. Successful exploitation can be used to bypass access controls, access sensitive data, or execute code in cases where images and other 'safe' file types can be uploaded and included. Additionally, this local file inclusion can be used to include various dashboard view files from the plugin, one of which can be used to update the passwords of Super Administrator accounts in Multisite environments, facilitating privilege escalation.
Exploitation of this vulnerability could lead to unauthorized file inclusion, execution of arbitrary PHP code, and privilege escalation by allowing an attacker to gain Super Administrator rights in a Multisite environment.
No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
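The advisory describes a dashboard dispatcher that includes whatever file a 'page' parameter names and that lets low-privileged users reach privileged view files. The following is an added illustration, not code from the advisory or from the WPGYM plugin, of how such a dispatcher is hardened: the request value is mapped through a fixed allow-list, the resolved path is confirmed to sit inside the views directory, and each view carries its own capability requirement so that an allow-listed but privileged view is still unreachable for a Subscriber. All names (`wpgym_demo_*`, the view list, the capability map) are hypothetical; `$userCan` stands in for WordPress's `current_user_can()`.

```php
<?php
// Added illustration (not WPGYM's code). The vulnerable shape this replaces is
// a direct include of user input, e.g.  include $_GET['page'] . '.php';
// which lets the caller pull in any readable file on the server.

// Allow-list: the only views the dispatcher will ever load. Keys are the
// request values accepted; values are file names under the views directory.
const WPGYM_DEMO_VIEWS = [
    'dashboard' => 'dashboard.php',
    'members'   => 'members.php',
];

/**
 * Resolve a requested view name to an absolute path, or return null.
 * - Anything not in the allow-list is rejected (no traversal, no wrappers).
 * - The resolved path must still lie inside $viewDir (defence in depth).
 */
function wpgym_demo_resolve_view(string $requested, string $viewDir): ?string
{
    if (!array_key_exists($requested, WPGYM_DEMO_VIEWS)) {
        return null;
    }
    $base = realpath($viewDir);
    $path = realpath($viewDir . DIRECTORY_SEPARATOR . WPGYM_DEMO_VIEWS[$requested]);
    if ($base === false || $path === false) {
        return null;
    }
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

/**
 * Per-view capability gate. Even an allow-listed view must not be reachable
 * by a Subscriber when it performs privileged actions such as account updates.
 * $userCan is a stand-in for current_user_can().
 */
function wpgym_demo_can_view(string $view, callable $userCan): bool
{
    $required = [
        'dashboard' => 'read',             // hypothetical: any logged-in user
        'members'   => 'manage_options',   // hypothetical: administrators only
    ];
    return isset($required[$view]) && $userCan($required[$view]);
}

// --- Stand-alone demonstration with constructed inputs --------------------
$viewDir = sys_get_temp_dir() . '/wpgym_demo_views';
@mkdir($viewDir);
file_put_contents($viewDir . '/dashboard.php', "<?php echo 'dashboard view';\n");
file_put_contents($viewDir . '/members.php',   "<?php echo 'members view';\n");

// Constructed Subscriber: holds only the 'read' capability.
$subscriberCan = fn(string $cap): bool => $cap === 'read';

foreach (['dashboard', 'members', 'unknown-view', '../../not-a-view'] as $req) {
    $path = wpgym_demo_resolve_view($req, $viewDir);
    if ($path === null) {
        echo "[$req] rejected: not an allowed view\n";
        continue;
    }
    if (!wpgym_demo_can_view($req, $subscriberCan)) {
        echo "[$req] rejected: insufficient capability\n";
        continue;
    }
    echo "[$req] including $path -> ";
    include $path;
    echo "\n";
}
```

Run with `php dispatcher.php`: only `dashboard` is included for the constructed Subscriber, `members` is refused on capability, and the two non-listed values never reach `include` at all. The capability map is what addresses the second half of the advisory: a file being a legitimate plugin view is not by itself a reason to let every authenticated role load it.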