CVE-2025-67998
Awaiting Analysis Awaiting Analysis - Queue
Authentication Bypass in Miraculous Elementor

Publication date: 2026-02-20

Last updated on: 2026-02-25

Assigner: Patchstack

Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through <= 2.0.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-02-20
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67998
EUVD
EUVD-2025-208061
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kamleshyadav miraculous_elementor From 1.0.0 (inc) to 2.0.7 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-288 The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-67998 is a high-priority Broken Authentication vulnerability in the WordPress Miraculous Elementor Plugin versions up to and including 2.0.7.

This vulnerability allows a malicious actor to bypass normal authentication mechanisms by using an alternate path or channel, enabling them to perform actions that are normally restricted to higher privileged users.

Specifically, it can allow an attacker to gain administrative access to the affected website.

The flaw falls under the OWASP Top 10 category A7: Identification and Authentication Failures and is classified as Broken Authentication.

Impact Analysis

This vulnerability can have severe impacts as it allows attackers to gain administrative access to your WordPress website.

With administrative privileges, an attacker can modify website content, steal sensitive data, install malicious code, or disrupt website operations.

The vulnerability requires only subscriber or developer privileges to exploit, making it easier for attackers with limited access to escalate their privileges.

Failure to patch this vulnerability promptly can lead to significant security breaches and loss of control over your website.

Compliance Impact

I don't know

Detection Guidance

This vulnerability affects the WordPress Miraculous Elementor Plugin versions up to and including 2.0.7 and allows authentication bypass. Detection involves identifying if the vulnerable plugin version is installed on your system.

You can check the installed plugin version on your WordPress site by running commands such as:

  • Using WP-CLI: wp plugin list | grep miraculous-elementor
  • Manually checking the plugin version in the WordPress admin dashboard under Plugins.

Additionally, monitoring for unusual authentication attempts or privilege escalations in your web server logs may help detect exploitation attempts, but no specific detection commands are provided.

Mitigation Strategies

The primary mitigation step is to update the Miraculous Elementor plugin to version 2.0.8 or later, which contains the patch resolving this authentication bypass vulnerability.

Until the update can be applied, users of Patchstack can enable the provided mitigation rule that blocks attacks targeting this flaw.

Enabling automatic updates for vulnerable plugins through Patchstack is also recommended to ensure timely protection.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67998. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart