Skip to main content

Miraculous Core Plugin

1 CVEs product

Monthly

CVE-2026-32516 HIGH PATCH This Week

A blind SQL injection vulnerability exists in the Miraculous Core Plugin for WordPress (versions prior to 2.1.2), allowing attackers to execute arbitrary SQL commands against the underlying database without displaying query results directly. This vulnerability affects all installations of the kamleshyadav Miraculous Core Plugin below version 2.1.2, enabling attackers to extract sensitive data, modify database contents, or potentially achieve remote code execution depending on database permissions and WordPress configuration. While CVSS and EPSS scores are not yet available and KEV status is unknown, the SQL injection classification (CWE-89) and reporting via Patchstack indicate this is a validated vulnerability with a confirmed patch available in version 2.1.2.

SQLi Miraculous Core Plugin
NVD VulDB
CVSS 3.1
8.5
EPSS
0.0%
EPSS 0% CVSS 8.5
HIGH PATCH This Week

A blind SQL injection vulnerability exists in the Miraculous Core Plugin for WordPress (versions prior to 2.1.2), allowing attackers to execute arbitrary SQL commands against the underlying database without displaying query results directly. This vulnerability affects all installations of the kamleshyadav Miraculous Core Plugin below version 2.1.2, enabling attackers to extract sensitive data, modify database contents, or potentially achieve remote code execution depending on database permissions and WordPress configuration. While CVSS and EPSS scores are not yet available and KEV status is unknown, the SQL injection classification (CWE-89) and reporting via Patchstack indicate this is a validated vulnerability with a confirmed patch available in version 2.1.2.

SQLi Miraculous Core Plugin
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy