Description
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the email, password, and other details of any user, including Administrator users.
Published: 2025-09-10
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The WPGYM plugin for WordPress contains a flaw in the MJ_gmgt_gmgt_add_user function, where a user-controlled key is not validated. As a result, any authenticated user with Subscriber role or higher can alter the email, password, and other sensitive details of any account, including administrators. This constitutes a privilege escalation that allows an attacker to take over another user’s account, compromising confidentiality and integrity of the system.
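As an added illustration (not code from the WPGYM plugin or its vendor), the hypothetical AJAX handler below shows the CWE-639 pattern the description points at, an unchecked user ID taken from the request, beside a hardened version that ties the request to WordPress's own edit_user capability for that specific target. The demo_gym_* function names and the nonce action name are assumptions.

```php
<?php
// Added illustration only; the demo_gym_* names are hypothetical and do
// not correspond to any function in the WPGYM plugin.

// UNSAFE pattern (CWE-639): the target user ID is read straight from the
// request and never compared against what the caller is allowed to edit,
// so any logged-in user can rewrite any account, administrators included.
function demo_gym_update_user_unsafe() {
    $user_id = (int) $_POST['user_id'];
    wp_update_user( array(
        'ID'         => $user_id,
        'user_email' => sanitize_email( $_POST['email'] ),
        'user_pass'  => $_POST['password'],
    ) );
    wp_send_json_success();
}

// HARDENED pattern: verify the nonce, then require the 'edit_user'
// meta-capability for the specific target ID. WordPress maps this to
// 'edit_users' unless the target is the caller's own account, so a
// Subscriber can only ever reach their own record.
function demo_gym_update_user_safe() {
    check_ajax_referer( 'demo_gym_update_user', 'nonce' ); // dies on failure

    $user_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    if ( ! $user_id || ! current_user_can( 'edit_user', $user_id ) ) {
        wp_send_json_error( 'forbidden', 403 ); // exits
    }

    $data = array( 'ID' => $user_id );
    if ( ! empty( $_POST['email'] ) ) {
        $data['user_email'] = sanitize_email( wp_unslash( $_POST['email'] ) );
    }
    if ( ! empty( $_POST['password'] ) ) {
        $data['user_pass'] = wp_unslash( $_POST['password'] );
    }

    $result = wp_update_user( $data );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success( array( 'ID' => $result ) );
}
add_action( 'wp_ajax_demo_gym_update_user', 'demo_gym_update_user_safe' );
```

The authorization check is the part the description says is missing; the nonce alone would not prevent a logged-in Subscriber from supplying another user's ID.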

Affected Systems

The vulnerability affects dasinfomedia’s WPGYM – Wordpress Gym Management System plugin. All releases up to and including version 67.7.0 are impacted.

Risk and Exploitability

The CVSS rating of 8.8 reflects a high severity. EPSS indicates a very low probability of exploitation, likely because the attacker must first authenticate as a Subscriber or higher. The flaw is not listed in CISA’s KEV catalog. If an attacker gains a legitimate subscriber account, the lack of validation enables immediate account takeover of higher-privilege users such as administrators. The attack is therefore confined to the WordPress site itself and requires an authenticated account, but once that account is obtained, the flaw provides full control over the target accounts.

Generated by OpenCVE AI on April 22, 2026 at 14:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the WPGYM plugin to any release newer than 67.7.0
  • Reconfigure WordPress user roles to ensure that Subscriber users lack the capability to add or modify other accounts
  • Audit security logs for unauthorized changes to user accounts and investigate any anomalies


Advisories

Source: EUVD
ID: EUVD-2025-27569
Title: The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the email, password, and other details of any user, including Administrator users.
History

Fri, 12 Sep 2025 09:15:00 +0000

Type: First Time appeared
Values Added: Dasinfomedia; Dasinfomedia wpgym Gym Management System; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Added: Dasinfomedia; Dasinfomedia wpgym Gym Management System; Wordpress; Wordpress wordpress

Wed, 10 Sep 2025 16:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 10 Sep 2025 06:45:00 +0000

Type: Description
Values Added: The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the email, password, and other details of any user, including Administrator users.

Type: Title
Values Added: WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover

Type: Weaknesses
Values Added: CWE-639

Type: References
Values Added: (not listed on this page)

Type: Metrics
Values Added: cvssV3_1
{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:37:26.229Z

Reserved: 2025-07-03T16:00:51.048Z

Link: CVE-2025-7049

Vulnrichment

Updated: 2025-09-10T16:10:51.503Z

NVD

Status: Deferred

Published: 2025-09-10T07:15:45.203

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-7049

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T14:30:18Z

Weaknesses