Known Vulnerabilities for VW Fitness by Vowelweb
Listed below are 10 of the newest known vulnerabilities associated with "VW Fitness" by "Vowelweb".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-43978 json | wger is a free, open-source workout and fitness manager. In versions prior to 2.6, a gym trainer can escalate their session t... | Not Provided | 2026-07-16 | 2026-07-17 |
| CVE-2026-43977 json | wger is a free, open-source workout and fitness manager. In versions prior to 2.6, any authenticated user can read another us... | Not Provided | 2026-07-16 | 2026-07-17 |
| CVE-2026-43948 json | wger is a free, open-source workout and fitness manager. Prior to 2.6, the reset_user_password and gym_permissions_user_edit ... | Not Provided | 2026-05-12 | 2026-05-13 |
| CVE-2026-40474 json | wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permissi... | Not Provided | 2026-04-17 | 2026-04-20 |
| CVE-2026-40353 json | wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in Abstract... | Not Provided | 2026-04-17 | 2026-04-20 |
| CVE-2026-32434 json | Missing Authorization vulnerability in vowelweb VW Fitness vw-fitness allows Exploiting Incorrectly Configured Access Control... | Not Provided | 2026-03-13 | 2026-04-29 |
| CVE-2025-69155 json | Unauthenticated Cross Site Scripting (XSS) in Fitness Zone WordPress Theme <= 5.7 versions. | Not Provided | 2026-07-02 | 2026-07-02 |
| CVE-2025-50033 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sparklewpthemes Fitness... | Not Provided | 2025-06-20 | 2026-04-23 |
| CVE-2024-51806 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shingo Awesome Fitness ... | Not Provided | 2024-11-19 | 2026-04-23 |
| CVE-2023-25999 json | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in snst... | Not Provided | 2025-06-09 | 2026-04-28 |