PyPI / wger

wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data

수정: 2026. 4. 15.

wger has Stored XSS via Unescaped License Attribution Fields

수정: 2026. 5. 5.

wger Workout Manager Cross-site Scripting vulnerability

수정: 2024. 11. 19.

wger: Privilege escalation via trainer-login session chaining allows gym trainer to impersonate gym manager

수정: 2026. 5. 14.

wger Vulnerable to IDOR: Authenticated Users Can Read Any User's Private Workout Session Data via Template Routine API

수정: 2026. 5. 14.

wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup

수정: 2026. 4. 15.

wger vulnerable to brute force attempts

수정: 2023. 11. 8.

wger: cross-tenant password reset and plaintext disclosure via gym=None bypass

수정: 2026. 5. 13.

wger: cross-tenant account deletion / deactivation / activation by gym.manage_gym + gym=None

수정: 2026. 5. 20.

wger has an Uncontrolled Resource Consumption issue

수정: 2026. 5. 13.

wger: trainer_login open redirect - ?next= parameter not validated against host

수정: 2026. 5. 6.

wger Workout Manager Cross-Site Request Forgery vulnerability

수정: 2024. 11. 19.

wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data

수정: 2026. 4. 15.

wger has Broken Access Control in Global Gym Configuration Update Endpoint

수정: 2026. 5. 5.

wger: CSV/TSV formula injection in gym member export (first_name/last_name)

수정: 2026. 5. 6.

수정: 2026. 6. 10.

수정: 2026. 6. 10.