CVE-2025-32303 is a critical SQL Injection vulnerability classified under CWE-89, specifically a Blind SQL Injection, found in the Mojoomla WPCHURCH plugin for Joomla. The vulnerability arises from improper neutralization of special elements in SQL commands, allowing attackers to inject malicious SQL code remotely without authentication or user interaction. This flaw affects all versions of WPCHURCH up to 2.7.0. The vulnerability enables attackers to extract sensitive information from the backend database by sending crafted requests that manipulate SQL queries, potentially compromising confidentiality. The CVSS v3.1 score of 9.3 reflects its critical nature, with an attack vector of network (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C) indicating that the vulnerability can affect resources beyond the initially vulnerable component. The impact is primarily on confidentiality (C:H), with no integrity (I:N) and low availability (A:L) impact. Although no known exploits are currently reported in the wild, the vulnerability's characteristics make it a high-risk target for attackers seeking to exfiltrate data from vulnerable Joomla sites using WPCHURCH. No official patches have been released yet, so organizations must rely on interim mitigations.

For European organizations, this vulnerability poses a significant risk to the confidentiality of sensitive data stored in Joomla sites using the WPCHURCH plugin. Religious and community organizations, non-profits, and other entities using this plugin to manage church-related data could face data breaches, leading to exposure of personal information, membership details, and other confidential records. The ability to exploit this vulnerability remotely without authentication increases the attack surface and risk of widespread exploitation. Data breaches could result in reputational damage, regulatory fines under GDPR for inadequate data protection, and operational disruptions. The limited impact on availability means systems may remain operational while data is exfiltrated, potentially delaying detection. Organizations with public-facing Joomla installations are particularly vulnerable, and the lack of patches increases the urgency for proactive defenses.

1. Immediately restrict access to WPCHURCH plugin interfaces by IP whitelisting or network segmentation to limit exposure. 2. Implement Web Application Firewalls (WAF) with custom rules to detect and block SQL injection patterns targeting WPCHURCH endpoints. 3. Monitor web server and database logs for unusual query patterns indicative of SQL injection attempts. 4. Disable or remove the WPCHURCH plugin if it is not essential until a patch is available. 5. Engage with Mojoomla or trusted security vendors for any available unofficial patches or workarounds. 6. Conduct thorough security audits of Joomla installations to identify and remediate other potential vulnerabilities. 7. Prepare for rapid deployment of official patches once released by establishing update procedures and backups. 8. Educate administrators on the risks and signs of exploitation to enhance detection and response capabilities.