7 matches found
CVE-2025-11164
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
EUVD-2025-203208
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-11164 Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-11164
CVE-2025-11164 affects the Mavix Education WordPress theme. The issue is a missing capability check on the AJAX action mavix_education_activate_plugin, allowing authenticated users with Subscriber-level access and above to activate the Creativ Demo Importer plugin in all versions up to 1.0. The W...
CVE-2025-11164 Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
WordPress Mavix Education plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation vulnerability
Software : Mavix Education Type : Theme Vulnerable versions : = 1.0 Fixed in : 1.1 OWASP Top 10 : A1: Broken Access Control Classification : Broken Access Control CVE ID : CVE-2025-11164 Patchstack priority : Low CVSS severity : 4.3 Required privilege : Subscriber Developer : Claim ownership PSID...
WordPress Mavix Education plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation vulnerability
Missing Authorization to Authenticated Subscriber+ 'Creativ Demo Importer' Plugin Activation vulnerability discovered by Jonas Benjamin Friedli in WordPress Theme Mavix Education versions = 1.0...