WordPress Gym Management System Plugin Vulnerable to Privilege Escalation (CVE-2024-9941)

2024-11-26

Platform: WordPress
Version: WPGYM plugin up to 67.1.0
Vulnerability: Privilege Escalation
Severity: Moderate (CVSS score not yet available)
Date: November 23, 2024 (NVD published date)

The WPGYM plugin for WordPress is vulnerable to privilege escalation due to a missing capability check. This allows attackers with subscriber-level access or higher to create new administrator accounts.

What Undercode Says:

This vulnerability can be exploited by attackers who already have an account on your WordPress site, at subscriber level or higher. It is crucial to update the WPGYM plugin to the latest version (likely a patched version) as soon as possible. Additionally, consider implementing strong password policies and enforcing the principle of least privilege for user accounts.
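
Because the impact described above is the creation of new administrator accounts, updating should be paired with a review of who currently holds that role. The following is an added example, not code from the plugin or from NVD: it audits a user export in the shape produced by `wp user list --fields=ID,user_login,user_email,user_registered,roles --format=csv`. The sample rows, the approved list and the exposure date are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample export (not real site data), in the CSV shape of:
#   wp user list --fields=ID,user_login,user_email,user_registered,roles --format=csv
SAMPLE_EXPORT = """ID,user_login,user_email,user_registered,roles
1,siteowner,owner@example.test,2022-03-14 09:12:45,administrator
7,frontdesk,desk@example.test,2023-08-02 16:40:10,editor
23,member_ann,ann@example.test,2024-10-30 11:05:33,subscriber
24,member_bob,bob@example.test,2024-11-02 18:22:01,"subscriber,administrator"
25,svc_backup,backup@example.test,2024-11-03 02:14:57,administrator
"""


def audit_admins(export_csv, approved_logins, vulnerable_since):
    """Return (login, roles, reasons) for administrator accounts needing review.

    approved_logins: logins the site owner expects to be administrators.
    vulnerable_since: datetime the vulnerable plugin version was installed
                      (an assumption supplied by the operator).
    """
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        # Multi-role users are exported as a comma-separated list.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        if "administrator" not in roles:
            continue
        reasons = []
        if row["user_login"] not in approved_logins:
            reasons.append("not on approved administrator list")
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= vulnerable_since:
            reasons.append("registered during exposure window")
        if reasons:
            findings.append((row["user_login"], sorted(roles), reasons))
    return findings


if __name__ == "__main__":
    for login, roles, reasons in audit_admins(
        SAMPLE_EXPORT, {"siteowner"}, datetime(2024, 6, 1)
    ):
        print(f"REVIEW {login} roles={roles}: {'; '.join(reasons)}")
```

The approved-list check flags an unexpected administrator regardless of its registration date, so it still catches accounts that predate the exposure window.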

References:

Reported By: Nvd.nist.gov