CVE-2025-7442 – “WordPress Gym Management System SQL Injection Vulnerability”

July 11, 2025

CVE ID : CVE-2025-7442

Published : July 11, 2025, 8:15 a.m. | 1 hour, 22 minutes ago

Description : The WPGYM – WordPress Gym Management System plugin for WordPress is vulnerable to SQL Injection via several parameters in the MJ_gmgt_delete_class_limit_for_member, MJ_gmgt_get_yearly_income_expense, MJ_gmgt_get_monthly_income_expense, MJ_gmgt_add_class_limit, MJ_gmgt_view_meeting_detail, and MJ_gmgt_create_meeting functions in all versions up to 67.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6438 – Apache SOAP XML External Entity Reference Vulnerability

Next Article CVE-2025-6745 – WoodMart WordPress Information Exposure Vulnerability

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

JFrog finds MCP-related vulnerability, highlighting need for stronger focus on security in MCP ecosystem

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

One of Atlus’ best Xbox JRPGs that puts modern Final Fantasy games to shame is now on a 45% discount — This is your last chance to seize it as the Amazon Day Prime closes today

Don’t waste the LAST 24 hours of Amazon Prime Day sales buying a MacBook — buy this much better Windows laptop instead!

This fantastic Xbox remake of a classic Atlus JRPG we gave a perfect review score to is now 49% cheaper — Don’t miss the deadline for this Amazon Prime Day deal, which ends today

HP’s discount on one of the most powerful gaming laptops on the planet is absolutely UNBEATABLE — but you only have a few hours to get one!

The details of TC39’s last meeting

The details of TC39’s last meeting

Francisco Bergeret Paves the Way Through Strong Leadership at Perficient

Intelligent Automation in the Healthcare Sector with n8n, OpenAI, and Pinecone

One of Atlus’ best Xbox JRPGs that puts modern Final Fantasy games to shame is now on a 45% discount — This is your last chance to seize it as the Amazon Day Prime closes today

One of Atlus’ best Xbox JRPGs that puts modern Final Fantasy games to shame is now on a 45% discount — This is your last chance to seize it as the Amazon Day Prime closes today

Don’t waste the LAST 24 hours of Amazon Prime Day sales buying a MacBook — buy this much better Windows laptop instead!

This fantastic Xbox remake of a classic Atlus JRPG we gave a perfect review score to is now 49% cheaper — Don’t miss the deadline for this Amazon Prime Day deal, which ends today

CVE-2025-7442 – “WordPress Gym Management System SQL Injection Vulnerability”

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Even YouTube’s anti-adblock campaign doesn’t stand a chance against this self-made AR app — blocking real-world billboards with Google Gemini AI

Customize URL Handling with Laravel’s Macroable URI Class

Breaking into Freelance UX Research: A Guide for Experienced Practitioners

Hackers breach Norwegian dam

Meet Open-Qwen2VL: A Fully Open and Compute-Efficient Multimodal Large Language Model

Avast Antivirus Vulnerability Let Attackers Escalate Privileges

Yet another SonicWall SMA100 vulnerability exploited in the wild (CVE-2025-32819)

CVE-2025-32717 – Microsoft Office Word Heap-based Buffer Overflow Vulnerability

CVE-2025-7442 – “WordPress Gym Management System SQL Injection Vulnerability”

Related Posts