8 matches found
CVE-2026-25009
Missing Authorization vulnerability in raratheme Education Zone education-zone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Education Zone: from n/a through = 1.3.8...
CVE-2026-32438 WordPress VW School Education theme <= 1.4.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in vowelweb VW School Education vw-school-education allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW School Education: from n/a through = 1.4.6...
CVE-2025-11164
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-48089 WordPress Education WordPress Theme | HiStudy theme < 3.1.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through 3.1.0...
CVE-2025-48089 WordPress Education WordPress Theme | HiStudy theme < 3.1.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection.This issue affects Education WordPress Theme | HiStudy: from n/a through 3.1.0...
WordPress Education WordPress Theme | HiStudy theme < 3.1.0 - SQL Injection vulnerability
SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Theme Education WordPress Theme | HiStudy versions 3.1.0...
CVE-2024-13786
The education theme for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.10 via deserialization of untrusted input in the 'themerexcallbackviewmoreposts' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP...
PT-2025-27604 · WordPress · Education Theme
Name of the Vulnerable Software and Affected Versions: Education theme for WordPress versions up to, and including, 3.6.10 Description: The issue allows unauthenticated attackers to inject a PHP Object via deserialization of untrusted input in the themerex callback view more posts function. This...