PT-2025-29217 · WordPress · Wpgym - Wordpress Gym Management System
Trương Hữu Phúc
+1
·
Published
2025-07-11
·
Updated
2025-07-11
·
CVE-2025-7442
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
WPGYM - Wordpress Gym Management System plugin versions prior to 67.8.0
Description:
The WPGYM - Wordpress Gym Management System plugin for WordPress is susceptible to SQL Injection due to insufficient input validation and query preparation. This allows unauthenticated attackers to inject malicious SQL queries into existing database queries, potentially leading to the extraction of sensitive information. The vulnerability exists in the
MJ gmgt delete class limit for member, MJ gmgt get yearly income expense, MJ gmgt get monthly income expense, MJ gmgt add class limit, MJ gmgt view meeting detail, and MJ gmgt create meeting functions.Recommendations:
Update the WPGYM - Wordpress Gym Management System plugin to version 67.8.0 or later.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wpgym - Wordpress Gym Management System