SQL Injection Vulnerability in WPGYM Plugin by MojoJoomla
CVE-2025-32643

9.3CRITICAL

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
16 May 2025

What is CVE-2025-32643?

A vulnerability in the WPGYM plugin, designed for gym management by MojoJoomla, allows for Blind SQL Injection due to the improper handling of special elements within SQL commands. This flaw can be exploited to execute arbitrary SQL queries, posing a significant risk to the integrity of the database and potentially exposing sensitive data. It affects WPGYM versions from n/a up to 65.0, highlighting the need for prompt updates to ensure user data protection and system security.

Affected Version(s)

WPGYM <= 65.0

References

CVSS V3.1

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Bonds (Patchstack Alliance)
.