SQL Injection Vulnerability in WPGYM Plugin by MojoJoomla
CVE-2025-32643
9.3CRITICAL
What is CVE-2025-32643?
A vulnerability in the WPGYM plugin, designed for gym management by MojoJoomla, allows for Blind SQL Injection due to the improper handling of special elements within SQL commands. This flaw can be exploited to execute arbitrary SQL queries, posing a significant risk to the integrity of the database and potentially exposing sensitive data. It affects WPGYM versions from n/a up to 65.0, highlighting the need for prompt updates to ensure user data protection and system security.
Affected Version(s)
WPGYM <= 65.0