This vulnerability in mojoomla WPGYM (up to version 65.0) is classified as CWE-89, indicating improper neutralization of special elements used in SQL commands, commonly known as SQL Injection. The CVSS 3.1 base score is 8.5, reflecting a network attack vector with low attack complexity, requiring low privileges and no user interaction. The impact scope is changed (scope: changed), with high confidentiality impact, no integrity impact, and low availability impact. No known exploits are reported in the wild, and no patch or remediation information is currently provided.

An attacker with low privileges can exploit this SQL Injection vulnerability remotely without user interaction. The primary impact is on confidentiality, potentially allowing unauthorized access to sensitive data. There is also a low impact on availability, possibly causing partial denial of service. Integrity is not impacted according to the CVSS vector. No known exploits in the wild have been reported to date.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or vendor advisory is available, users should monitor for updates from mojoomla and apply any official fixes once released. Until then, consider restricting access to the affected plugin and applying any available workarounds recommended by the vendor.