Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/12/14 5:3 a.m.4 views

CVE-2025-11164

The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...

4.3CVSS5.1AI score0.00158EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.2 views

EUVD-2025-203208

The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...

4.3CVSS4.7AI score0.00158EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.21 views

CVE-2025-11164 Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation

The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...

4.3CVSS0.00158EPSS
Exploits0References2
CVE
CVE
added 2025/12/13 4:31 a.m.15 views

CVE-2025-11164

CVE-2025-11164 affects the Mavix Education WordPress theme. The issue is a missing capability check on the AJAX action mavix_education_activate_plugin, allowing authenticated users with Subscriber-level access and above to activate the Creativ Demo Importer plugin in all versions up to 1.0. The W...

4.3CVSS4.8AI score0.00158EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/13 4:31 a.m.2 views

CVE-2025-11164 Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation

The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...

4.3CVSS4.8AI score0.00158EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/12/12 11:6 p.m.7 views

WordPress Mavix Education plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation vulnerability

Software : Mavix Education Type : Theme Vulnerable versions : = 1.0 Fixed in : 1.1 OWASP Top 10 : A1: Broken Access Control Classification : Broken Access Control CVE ID : CVE-2025-11164 Patchstack priority : Low CVSS severity : 4.3 Required privilege : Subscriber Developer : Claim ownership PSID...

6.5AI score0.00158EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/12/12 11:6 p.m.5 views

WordPress Mavix Education plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation vulnerability

Missing Authorization to Authenticated Subscriber+ 'Creativ Demo Importer' Plugin Activation vulnerability discovered by Jonas Benjamin Friedli in WordPress Theme Mavix Education versions = 1.0...

4.3CVSS7AI score0.00158EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder