SQL Injection Vulnerability in Miraculous Theme by Kamleshyadav
CVE-2025-58628

9.3 CRITICAL

Key Information:

Vendor: WordPress
CVE Published: 5 September 2025

What is CVE-2025-58628?

The Miraculous WordPress theme developed by Kamleshyadav is vulnerable to SQL injection because it does not properly neutralize special elements used in SQL commands. The flaw allows attackers to perform Blind SQL Injection, potentially exposing sensitive data and compromising the security of affected WordPress installations. All versions of the Miraculous theme prior to 2.0.9 are affected, so users should update the theme promptly.

Affected Version(s)

Miraculous < 2.0.9

CVSS V3.1

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
