WPGYM WordPress Plugin Unauthorized Admin Account Creation Vulnerability

Vulnerability

A vulnerability exists in the WPGYM - WordPress Gym Management System plugin, affecting all versions up to and including 67.7.0. The plugin does not check the caller's capabilities before adding new users, so any authenticated attacker with Subscriber-level access or higher can create new user accounts, including accounts with administrator privileges.
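The following illustration is added here and is not the WPGYM plugin's code; the function and hook names are hypothetical. It shows the general pattern this class of bug takes in a WordPress plugin: an admin-ajax handler that every logged-in user can reach and that calls wp_insert_user() without a capability check, next to a hardened version that verifies a nonce, requires the create_users capability, and restricts the role to those the caller may assign.

```php
<?php
// Added example, not code from the WPGYM plugin. All names below are hypothetical.

// Vulnerable pattern: any logged-in user can reach a wp_ajax_* action, and the
// handler never asks whether the caller is allowed to create users. The request
// also chooses the role, so a Subscriber could ask for 'administrator'.
// Shown for contrast only; it is deliberately NOT registered with add_action().
function hypothetical_gym_add_member_vulnerable() {
    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( wp_unslash( $_POST['user_login'] ?? '' ) ),
        'user_pass'  => wp_unslash( $_POST['user_pass'] ?? '' ),
        'user_email' => sanitize_email( wp_unslash( $_POST['user_email'] ?? '' ) ),
        'role'       => sanitize_key( $_POST['role'] ?? 'subscriber' ),
    ) );
    wp_send_json( is_wp_error( $user_id ) ? $user_id->get_error_message() : $user_id );
}

// Hardened pattern: CSRF nonce, explicit capability check, and a role whitelist
// derived from what the current user could assign through wp-admin.
function hypothetical_gym_add_member_hardened() {
    // Rejects the request (HTTP 403) if the nonce is missing or invalid.
    check_ajax_referer( 'hypothetical_gym_add_member', '_ajax_nonce' );

    // Only users who may create users (Administrators by default) get past here.
    if ( ! current_user_can( 'create_users' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // get_editable_roles() lives in wp-admin/includes/user.php, which admin-ajax
    // requests load; it lists only the roles the current user is allowed to assign.
    $role = sanitize_key( $_POST['role'] ?? 'subscriber' );
    if ( ! isset( get_editable_roles()[ $role ] ) ) {
        wp_send_json_error( 'role not assignable by this user', 403 );
    }

    $user_id = wp_insert_user( array(
        'user_login' => sanitize_user( wp_unslash( $_POST['user_login'] ?? '' ) ),
        'user_pass'  => wp_unslash( $_POST['user_pass'] ?? '' ), // hashed by wp_insert_user()
        'user_email' => sanitize_email( wp_unslash( $_POST['user_email'] ?? '' ) ),
        'role'       => $role,
    ) );

    if ( is_wp_error( $user_id ) ) {
        wp_send_json_error( $user_id->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'user_id' => $user_id ) );
}
add_action( 'wp_ajax_hypothetical_gym_add_member', 'hypothetical_gym_add_member_hardened' );
```

The key points for a code review of any plugin that creates users are the three checks in the hardened handler: a nonce tied to the action, `current_user_can()` with a capability that matches the operation (here `create_users`, not merely "is logged in"), and a role drawn from `get_editable_roles()` rather than from the request. Registering the action only as `wp_ajax_*` (and never `wp_ajax_nopriv_*`) limits it to authenticated users but, as this advisory shows, is not by itself an authorization check.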

Impact

Exploitation of this vulnerability allows for unauthorized creation of admin accounts, potentially leading to further malicious actions within the WordPress site.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected plugin.
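Because no patch is available, a site owner's immediate question is whether the flaw has already been used. The snippet below is an added example, not part of this advisory or of the plugin, and assumes it is run inside WordPress (for instance with `wp eval-file`); it lists administrator accounts registered within a given number of days so that unexpected ones can be reviewed.

```php
<?php
// Added example, not from the advisory or the WPGYM plugin. Function name is hypothetical.
// Assumes WordPress is loaded (e.g. executed with `wp eval-file this.php`).

// Return administrator accounts whose registration date falls within $days of now.
function hypothetical_list_recent_admins( $days = 30 ) {
    $since = gmdate( 'Y-m-d H:i:s', time() - $days * DAY_IN_SECONDS );

    // get_users() with 'role' matches users holding the administrator role.
    $admins = get_users( array(
        'role'    => 'administrator',
        'orderby' => 'registered',
        'order'   => 'DESC',
    ) );

    $recent = array();
    foreach ( $admins as $user ) {
        // user_registered is stored in UTC as 'Y-m-d H:i:s', so string comparison works.
        if ( $user->user_registered >= $since ) {
            $recent[] = array(
                'ID'         => $user->ID,
                'user_login' => $user->user_login,
                'user_email' => $user->user_email,
                'registered' => $user->user_registered,
            );
        }
    }
    return $recent;
}

// Print one line per recently created administrator for manual review.
foreach ( hypothetical_list_recent_admins( 30 ) as $row ) {
    printf( "%d\t%s\t%s\t%s\n", $row['ID'], $row['user_login'], $row['user_email'], $row['registered'] );
}
```

Any administrator in that list that the site owner did not create should be treated as a sign of compromise: disable or delete the account, rotate credentials and API keys, and review the site for other persistence such as modified plugin files or scheduled events. The same listing is available without custom code through WP-CLI's `wp user list --role=administrator --fields=ID,user_login,user_email,user_registered`.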

Added: Aug 16, 2025, 4:24 AM
Updated: Aug 16, 2025, 4:24 AM

Vulnerability Rating (Custom Algorithm)

spread           2.2
impact           5.0
exploitability   5.4
remediation      0.0
relevance        0.4
threat           0.0
urgency          2.9
incentive        1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.