{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7049", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-03T16:00:51.048Z", "datePublished": "2025-09-10T06:38:45.603Z", "dateUpdated": "2026-04-08T16:37:26.229Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:37:26.229Z"}, "affected": [{"vendor": "dasinfomedia", "product": "WPGYM - Wordpress Gym Management System", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "67.7.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the email, password, and other details of any user, including Administrator users."}], "title": "WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17951f68-8481-477b-a940-cce637f6ec54?source=cve"}, {"url": "https://codecanyon.net/item/-wpgym-wordpress-gym-management-system/13352964"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Michelle Porter"}], "timeline": [{"time": "2025-09-09T17:42:53.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-10T13:38:40.651616Z", "id": "CVE-2025-7049", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-10T16:10:54.571Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7049", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-10T13:38:40.651616Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-10T16:10:51.503Z"}}], "cna": {"title": "WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover", "credits": [{"lang": "en", "type": "finder", "value": "Michelle Porter"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "dasinfomedia", "product": "WPGYM - Wordpress Gym Management System", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "67.7.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-09T17:42:53.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17951f68-8481-477b-a940-cce637f6ec54?source=cve"}, {"url": "https://codecanyon.net/item/-wpgym-wordpress-gym-management-system/13352964"}], "descriptions": [{"lang": "en", "value": "The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the email, password, and other details of any user, including Administrator users."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:37:26.229Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7049", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:37:26.229Z", "dateReserved": "2025-07-03T16:00:51.048Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-10T06:38:45.603Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the email, password, and other details of any user, including Administrator users."}], "id": "CVE-2025-7049", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-10T07:15:45.203", "references": [{"source": "security@wordfence.com", "url": "https://codecanyon.net/item/-wpgym-wordpress-gym-management-system/13352964"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/17951f68-8481-477b-a940-cce637f6ec54?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T14:21:29.102813+00:00", "value": {"mitigation_remediation": ["Update the WPGYM plugin to any release newer than 67.7.0", "Reconfigure WordPress user roles to ensure that Subscriber users lack the capability to add or modify other accounts", "Audit security logs for unauthorized changes to user accounts and investigate any anomalies"], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability affects dasinfomedia\u2019s WPGYM \u2013 Wordpress Gym Management System plugin. All releases up to and including version 67.7.0 are impacted.", "description_and_impact": "The WPGYM plugin for WordPress contains a flaw in the MJ_gmgt_gmgt_add_user function, where a user\u2010controlled key is not validated. As a result, any authenticated user with Subscriber role or higher can alter the email, password, and other sensitive details of any account, including administrators. This constitutes a privilege escalation that allows an attacker to take over another user\u2019s account, compromising confidentiality and integrity of the system.", "risk_and_exploitability": "The CVSS rating of 8.8 reflects a high severity. EPSS indicates a very low probability of exploitation, likely because the attacker must first authenticate as a Subscriber or higher. The flaw is not listed in CISA\u2019s KEV catalog. If an attacker gains a legitimate subscriber account, the lack of validation enables immediate account takeover of higher\u2011privilege users such as administrators. The attack vector is therefore local to the WordPress site and requires authentication, but once achieved, it provides full control over target accounts."}}}}, "created": "2025-09-12T09:11:34.694779+00:00", "updated": "2026-04-22T14:30:18.957147+00:00", "vendors": ["dasinfomedia", "dasinfomedia$PRODUCT$wpgym_gym_management_system", "wordpress", "wordpress$PRODUCT$wordpress"]}