CVE-2025-6080
📋 TL;DR
The WPGYM WordPress Gym Management System plugin has a privilege escalation vulnerability that allows authenticated users with Subscriber-level access or higher to create new administrator accounts. This affects all WordPress sites using WPGYM plugin versions up to 67.7.0. Attackers can gain full administrative control of vulnerable WordPress installations.
💻 Affected Systems
- WPGYM - WordPress Gym Management System
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers create admin accounts, install backdoors, deface websites, steal sensitive data, and use the compromised site for further attacks.
Likely Case
Attackers create hidden admin accounts to maintain persistent access, install malicious plugins/themes, and potentially compromise the entire WordPress installation.
If Mitigated
With proper access controls and monitoring, unauthorized admin creation would be detected and blocked before significant damage occurs.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has any valid user account.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 67.7.1 or later
Vendor Advisory: https://codecanyon.net/item/-wpgym-wordpress-gym-management-system/13352964
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find WPGYM plugin and check for updates. 4. Update to version 67.7.1 or later. 5. Verify the update completed successfully.
🔧 Temporary Workarounds
Disable WPGYM Plugin
allTemporarily disable the vulnerable plugin until patching is possible
wp plugin deactivate wpgym
Restrict User Registration
allDisable new user registration in WordPress settings
🧯 If You Can't Patch
- Immediately disable the WPGYM plugin and find alternative gym management solutions
- Implement strict monitoring for unauthorized user creation and privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → WPGYM version. If version is 67.7.0 or lower, the system is vulnerable.Check Version:
wp plugin get wpgym --field=versionVerify Fix Applied:
After updating, verify WPGYM plugin version shows 67.7.1 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unexpected user creation events, especially admin role assignments
- Multiple failed login attempts followed by successful user creation
- User creation from non-admin accounts
Network Indicators:
- POST requests to user creation endpoints from non-admin accounts
- Unusual spikes in admin panel access from new IP addresses
SIEM Query:
source="wordpress.log" AND ("user_created" OR "new_user") AND ("role":"administrator" OR "admin")