The WPGYM - Wordpress Gym Management System plugin for...
High severity
Unreviewed
Published
Nov 23, 2024
to the GitHub Advisory Database
•
Updated Nov 26, 2024
Description
Published by the National Vulnerability Database
Nov 23, 2024
Published to the GitHub Advisory Database
Nov 23, 2024
Last updated
Nov 26, 2024
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new user accounts with the administrator role.
References