What the vulnerability does
01Description
Authentication Bypass Using an Alternate Path or Channel vulnerability in kamleshyadav Miraculous Elementor miraculous-el allows Authentication Abuse.This issue affects Miraculous Elementor: from n/a through <= 2.0.7.
Explanation of Vulnerability in Simple Terms
02Summary
Miraculous Elementor versions 2.0.7 and earlier contain an authentication bypass vulnerability. An attacker with low-level user access can read sensitive data, modify site content, or disrupt service without additional interaction. The vulnerability affects the core functionality and requires only network access and valid login credentials to exploit.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify site content, or disrupt service availability with a low-privilege user account.
Potential impact on your site
04Site Impact
Any registered user can access restricted features, modify content, or cause downtime without admin approval.
Conditions required to exploit
05Prerequisites
Attacker must have a valid low-privilege user account on the site.
Key dates
06Disclosure timeline
February 20, 2026
CVE published
April 28, 2026
Record updated