10 matches found
CVE-2025-11164
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
EUVD-2025-203208
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-11164
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-11164
CVE-2025-11164 affects the Mavix Education WordPress theme. The issue is a missing capability check on the AJAX action mavix_education_activate_plugin, allowing authenticated users with Subscriber-level access and above to activate the Creativ Demo Importer plugin in all versions up to 1.0. The W...
CVE-2025-11164 Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-11164 Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
WordPress plugin Mavix Education 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-51051
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavix education activate plugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress Mavix Education plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation vulnerability
Software : Mavix Education Type : Theme Vulnerable versions : = 1.0 Fixed in : 1.1 OWASP Top 10 : A1: Broken Access Control Classification : Broken Access Control CVE ID : CVE-2025-11164 Patchstack priority : Low CVSS severity : 4.3 Required privilege : Subscriber Developer : Claim ownership PSID...
WordPress Mavix Education plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation vulnerability
Missing Authorization to Authenticated Subscriber+ 'Creativ Demo Importer' Plugin Activation vulnerability discovered by Jonas Benjamin Friedli in WordPress Theme Mavix Education versions = 1.0...