10 matches found
CVE-2025-11164
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
EUVD-2025-203208
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-11164
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-11164 Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-11164 Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavixeducationactivateplugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level acces...
CVE-2025-11164
CVE-2025-11164 affects the Mavix Education WordPress theme. The issue is a missing capability check on the AJAX action mavix_education_activate_plugin, allowing authenticated users with Subscriber-level access and above to activate the Creativ Demo Importer plugin in all versions up to 1.0. The W...
WordPress plugin Mavix Education 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-51051
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavix education activate plugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress Mavix Education plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation vulnerability
Software : Mavix Education Type : Theme Vulnerable versions : = 1.0 Fixed in : 1.1 OWASP Top 10 : A1: Broken Access Control Classification : Broken Access Control CVE ID : CVE-2025-11164 Patchstack priority : Low CVSS severity : 4.3 Required privilege : Subscriber Developer : Claim ownership PSID...
WordPress Mavix Education plugin <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation vulnerability
Missing Authorization to Authenticated Subscriber+ 'Creativ Demo Importer' Plugin Activation vulnerability discovered by Jonas Benjamin Friedli in WordPress Theme Mavix Education versions = 1.0...