This vulnerability in Mojoomla WPCHURCH (up to version 2.7.0) is due to improper neutralization of special elements in SQL commands, classified as CWE-89. It enables blind SQL injection attacks without requiring user interaction or privileges, allowing attackers to extract sensitive data from the database. The CVSS 3.1 vector indicates network attack vector, low attack complexity, no privileges required, no user interaction, scope changed, with high confidentiality impact and low availability impact.

Successful exploitation can lead to unauthorized disclosure of sensitive information from the database (high confidentiality impact). The integrity impact is not indicated, and availability impact is low. The vulnerability does not require authentication or user interaction, increasing its risk. No known active exploitation has been reported.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no patch or official fix information is provided, users should monitor Mojoomla's communications for updates. Until a fix is available, consider applying workarounds such as disabling the affected plugin or restricting access to vulnerable endpoints if feasible.