CVE-2025-7049
📋 TL;DR
The WPGYM WordPress plugin has a privilege escalation vulnerability that allows authenticated attackers with Subscriber-level access or higher to modify any user's account details, including administrators. This occurs due to insufficient validation in the 'MJ_gmgt_gmgt_add_user' function. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- WPGYM - WordPress Gym Management System
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full administrative control over the WordPress site, allowing them to install malicious plugins/themes, steal sensitive data, deface the site, or establish persistent backdoors.
Likely Case
Attackers compromise administrator accounts to modify site content, steal user data, or install cryptocurrency miners/malware.
If Mitigated
With proper access controls and monitoring, impact is limited to temporary account compromise that can be detected and remediated quickly.
🎯 Exploit Status
Exploitation requires authenticated access but is technically simple once an attacker has any valid WordPress account.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 67.7.1 or later
Vendor Advisory: https://codecanyon.net/item/-wpgym-wordpress-gym-management-system/13352964
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find WPGYM Gym Management System. 4. Click 'Update Now' if update is available. 5. Alternatively, download latest version from CodeCanyon and manually update.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the WPGYM plugin until patched
wp plugin deactivate wpgym
Restrict user registration
allDisable new user registration to prevent attacker account creation
Update WordPress Settings → General → Membership: Uncheck 'Anyone can register'
🧯 If You Can't Patch
- Implement strict network access controls to limit WordPress admin access to trusted IPs only
- Enable detailed user activity logging and monitor for unauthorized account modifications
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin → Plugins → Installed Plugins. If WPGYM version is 67.7.0 or lower, you are vulnerable.Check Version:
wp plugin get wpgym --field=versionVerify Fix Applied:
After updating, verify plugin version shows 67.7.1 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual user profile modifications, especially by non-admin users
- Multiple failed login attempts followed by successful Subscriber-level login
- User role changes in WordPress logs
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=mj_gmgt_gmgt_add_user
- Unusual traffic patterns from Subscriber accounts accessing admin functions
SIEM Query:
source="wordpress.log" AND ("user_update" OR "profile_update") AND user_role="subscriber"