Primary

Context

Mavix Education WordPress Theme Missing Authorization Vulnerability in AJAX Action

Vulnerability

A vulnerability exists in the Mavix Education theme for WordPress, all versions through 1.0, allowing unauthorized data modification. The issue arises from a missing capability check on the 'mavix_education_activate_plugin' AJAX action. This flaw enables authenticated attackers with Subscriber-level access and above to activate the Creativ Demo Importer plugin.

Impact

Exploitation of this vulnerability allows for unauthorized activation of the Creativ Demo Importer plugin, potentially leading to further unauthorized actions or modifications within the WordPress site.

Remediation

Users can update to version 1.1 or a newer patched version to address this vulnerability.

Added: Dec 13, 2025, 5:29 PM

Updated: Dec 13, 2025, 5:29 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

7.7

relevance

1.4

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.9

remediation

7.7

relevance

1.4

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Mavix Education WordPress Theme Missing Authorization Vulnerability in AJAX Action

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating