CVE-2025-6080

WPGYM · WPGYM - Wordpress Gym Management System plugin

Executive summary

A critical vulnerability has been identified in the WPGYM - Wordpress Gym Management System plugin, which allows an unauthenticated attacker to create an administrative account on the affected WordPress site. Successful exploitation grants the attacker full control over the website, enabling them to steal sensitive data, deface the site, or launch further attacks. This represents a significant security risk that requires immediate attention.

Vulnerability

The vulnerability exists within the user registration functionality of the WPGYM plugin. A flaw in the code fails to properly enforce authentication and authorization checks, allowing an unauthenticated remote attacker to send a specially crafted request to the application. This request is processed with administrative privileges, resulting in the creation of a new user account with full administrator rights on the WordPress site.

Business impact

This is a High severity vulnerability with a CVSS score of 8.8. An attacker who successfully exploits this flaw gains complete administrative control over the affected website. This could lead to severe business consequences, including the theft of sensitive customer or business data, website defacement causing reputational damage, distribution of malware to site visitors, and disruption of business operations. The compromised website could also be used as a platform to launch further attacks against other internal or external systems, posing a significant risk to the organization's security posture.

Remediation

Immediate Action:

  • Immediately update the "WPGYM - Wordpress Gym Management System" plugin to the latest version provided by the vendor, which addresses this vulnerability.
  • After updating, perform a thorough audit of all user accounts within WordPress, paying special attention to accounts with administrator privileges. Remove any unauthorized or suspicious accounts immediately.
  • If the WPGYM plugin is not essential for business operations, consider deactivating and completely removing it to eliminate this and future attack vectors associated with the plugin.

Proactive Monitoring:

  • Monitor web server access logs for unusual POST requests to plugin-specific endpoints, particularly those related to user registration or AJAX functions.
  • Implement alerts for the creation of new administrator-level accounts within WordPress.
  • Regularly review file integrity monitoring logs for unexpected changes to plugin files or the WordPress core.
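As an added illustration of the first monitoring bullet (this is example code, not from the advisory or the plugin vendor), the following Python script flags POST requests to WordPress AJAX and plugin endpoints in combined-format access logs and aggregates them per source IP. The plugin directory name `wpgym`, the endpoint paths and the sample log lines are assumptions constructed for the example; substitute the directory the plugin actually installs into.

```python
"""Flag POSTs to WordPress AJAX/plugin endpoints in combined-format access logs."""
import re
from collections import Counter

# Combined Log Format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Endpoints worth watching. The plugin directory "wpgym" is an ASSUMPTION made
# for this example; use the directory the plugin really installs into.
WATCHED_PREFIXES = (
    "/wp-admin/admin-ajax.php",
    "/wp-content/plugins/wpgym/",
)

def parse_line(line):
    """Return a dict with ip/ts/method/path/status, or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string before matching
    return rec

def find_suspicious_posts(lines):
    """Return [(ip, path, count)] for POSTs to watched endpoints, most frequent first."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue  # skip unparsable lines and non-POST traffic
        if rec["path"].startswith(WATCHED_PREFIXES):
            hits[(rec["ip"], rec["path"])] += 1
    return [(ip, path, n) for (ip, path), n in hits.most_common()]

# Constructed sample lines (not real traffic); the third line is malformed on purpose.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Jun/2025:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=demo HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Jun/2025:10:01:03 +0000] "POST /wp-admin/admin-ajax.php?action=demo HTTP/1.1" 200 512 "-" "curl/8.0"',
    'garbage line that does not parse',
    '198.51.100.9 - - [12/Jun/2025:10:02:10 +0000] "GET /wp-content/plugins/wpgym/css/style.css HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jun/2025:10:02:11 +0000] "POST /wp-content/plugins/wpgym/api.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '192.0.2.4 - - [12/Jun/2025:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, path, n in find_suspicious_posts(SAMPLE_LOG):
        print(f"{ip} -> {path} x{n}")
```

Feed real log lines in with `find_suspicious_posts(open("access.log"))`; any source that repeatedly POSTs to these endpoints without a prior login is worth correlating with the administrator-account audit above.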

Compensating Controls:

  • Implement a Web Application Firewall (WAF) with rules to block malicious requests targeting known plugin vulnerabilities.
  • Restrict access to the WordPress administrative dashboard (/wp-admin/) to only trusted IP addresses at the firewall or web server level.
  • Enforce a strong password policy and two-factor authentication (2FA) for all administrative accounts as a general security best practice.

Exploitation status

Public Exploit Available: False

Analyst recommendation

Immediate patching is strongly recommended for all systems running a vulnerable version of the WPGYM plugin. The high severity score (CVSS 8.8) and the critical impact of a successful exploit—complete system compromise—make this a high-priority vulnerability. Although this CVE is not currently on the CISA KEV list, its characteristics make it a likely candidate if widespread exploitation is observed. Organizations must prioritize the immediate actions outlined in the remediation plan to prevent a potential compromise.