cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-9941,https://securityvulnerability.io/vulnerability/CVE-2024-9941,Authenticated Attackers Can Create New User Accounts with Administrator Role,"The WordPress Gym Management System plugin, known as WPGYM, exhibits a vulnerability that allows authenticated users with subscriber-level access and above to exploit a missing capability check within the MJ_gmgt_add_staff_member() function. This flaw can enable these users to create new user accounts with full administrator privileges. Such a security gap poses a significant risk, potentially leading to unauthorized access and control over the WordPress site, impacting overall site security and user data integrity.",Wordpress,WordPress Gym Management System,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-23T08:15:00.000Z,0
CVE-2024-9942,https://securityvulnerability.io/vulnerability/CVE-2024-9942,Unauthenticated File Upload Vulnerability in WPGYM Plugin Could Lead to Remote Code Execution,"The WPGYM - WordPress Gym Management System plugin contains a significant vulnerability due to inadequate file type validation within the MJ_gmgt_user_avatar_image_upload() function. This flaw allows unauthenticated attackers to upload arbitrary files to the server hosting the affected WordPress site. Such unauthorized uploads can lead to various security threats including remote code execution, exposing websites to further attacks. All versions of the WPGYM plugin up to and including 67.1.0 are affected, necessitating immediate attention to mitigate potential risks.",Wordpress,WordPress Gym Management System,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,2024-11-23T08:15:00.000Z,0