WPGYM WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the WPGYM - WordPress Gym Management System plugin, affecting all versions up to and including 67.7.0. The issue is in the 'MJ_gmgt_gmgt_add_user' function, which does not adequately validate the user-controlled key that selects which account is updated. An authenticated attacker with Subscriber-level access or higher can therefore supply another user's identifier and change that user's email address, password, and other account details, including those of Administrator accounts.
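
To make the flaw concrete, the following PHP sketch shows the pattern the description implies: an AJAX handler that takes a user ID from the request and updates that account without checking that the caller may edit it, followed by a hardened version. This is an added illustration written for this page, not WPGYM's code; the handler names, the request parameters (`user_id`, `email`, `password`) and the nonce action are assumptions.

```php
<?php
// Illustrative example, not WPGYM's code. Handler names, request
// parameters and the nonce action are assumed for the example.

// VULNERABLE PATTERN: the account to update is chosen by a request
// parameter and the handler never checks that the caller is allowed to
// edit that account. Any logged-in user (Subscriber or higher) can post
// user_id=1 plus a new password and take over the administrator account.
function example_vuln_update_user() {
    $user_id  = absint( $_POST['user_id'] ?? 0 );
    $email    = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    $password = (string) wp_unslash( $_POST['password'] ?? '' );

    $data = array( 'ID' => $user_id );
    if ( '' !== $email ) {
        $data['user_email'] = $email;
    }
    if ( '' !== $password ) {
        $data['user_pass'] = $password; // wp_update_user() hashes this.
    }
    $result = wp_update_user( $data ); // No authorization check at all.
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message() );
    }
    wp_send_json_success( array( 'updated' => $user_id ) );
}
add_action( 'wp_ajax_example_vuln_update_user', 'example_vuln_update_user' );

// HARDENED VERSION: CSRF nonce, login check, and a capability check that
// binds the requested user_id to what the caller is actually allowed to do.
function example_safe_update_user() {
    check_ajax_referer( 'example_update_user', 'nonce' );

    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'Not logged in.', 401 );
    }

    $user_id = absint( $_POST['user_id'] ?? 0 );

    // 'edit_user' is a meta capability: WordPress maps it to "allowed" for
    // the caller's own account and to 'edit_users' for any other account,
    // which only Administrators hold. A Subscriber passing someone else's
    // ID fails here instead of reaching wp_update_user().
    if ( 0 === $user_id || ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'Not allowed to edit this user.', 403 );
    }

    $email    = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    $password = (string) wp_unslash( $_POST['password'] ?? '' );

    $data = array( 'ID' => $user_id );
    if ( '' !== $email ) {
        if ( ! is_email( $email ) ) {
            wp_send_json_error( 'Invalid email address.', 400 );
        }
        $data['user_email'] = $email;
    }
    if ( '' !== $password ) {
        $data['user_pass'] = $password;
    }

    $result = wp_update_user( $data );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'updated' => $user_id ) );
}
add_action( 'wp_ajax_example_safe_update_user', 'example_safe_update_user' );
```

The essential difference is the `current_user_can( 'edit_user', $user_id )` check, which ties the user-controlled key to an authorization decision. Sanitising the ID with `absint()`, as the vulnerable version does, validates only its format, not the caller's right to act on that account; that is the gap a "user-controlled key" description of this kind points at.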

Impact

Exploitation of this vulnerability allows an authenticated low-privilege user to change the account details of arbitrary users. Because the email address and password can be overwritten, this leads to account takeover, including takeover of Administrator accounts.

Added: Sep 10, 2025, 7:32 AM
Updated: Sep 10, 2025, 7:32 AM

Vulnerability Rating

Custom Algorithm (score per category)
spread: 2.2
impact: 5.0
exploitability: 5.4
remediation: 0.0
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these eight key vulnerability categories, which are then combined to calculate the overall risk score.