Description
The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavix_education_activate_plugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate the Creativ Demo Importer plugin.
Published: 2025-12-13
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Plugin Activation
Action: Apply Restriction
AI Analysis

Impact

A missing capability check in the Mavix Education WordPress theme allows authenticated users with Subscriber-level access or higher to activate the Creativ Demo Importer plugin through the 'mavix_education_activate_plugin' AJAX call. The flaw lets users enable a plugin they should not control, potentially changing site behavior or loading additional code. The weakness is classified as CWE-862 (missing authorization).

Affected Systems

WordPress sites running the Mavix Education theme by creativthemes, all released versions up to and including 1.0.

Risk and Exploitability

The CVSS base score of 4.3 classifies the issue as moderate, while the EPSS score of less than 1% indicates exploitation is unlikely in the short term. The flaw is accessible only to authenticated users, requiring at least Subscriber privileges to attempt exploitation. Because the AJAX endpoint lacks a capability check, any user with those credentials can activate the plugin, providing a simple vector for unauthorized plugin activation on affected sites. The vulnerability is not currently listed in the CISA KEV catalog, supporting the low exploitation probability assessment.

Generated by OpenCVE AI on April 21, 2026 at 17:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Disable or delete the Creativ Demo Importer plugin to eliminate the risk of unauthorized activation.
  • Add a capability check to the 'mavix_education_activate_plugin' AJAX endpoint so only administrators can trigger it, or remove the action from non-admin roles.
  • If a newer Mavix Education theme version that includes the proper capability checks becomes available, upgrade to that version; otherwise, keep the current theme and limit plugin activation capability.
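To make the second recommendation concrete, here is an illustrative handler pair written for this page (not the Mavix Education theme's own code): the unchecked pattern the advisory describes beside a version that verifies a nonce and the caller's capability before activating anything. Only the AJAX action name comes from the advisory; the plugin file path and nonce action string are placeholder assumptions.

```php
<?php
/**
 * Illustrative reconstruction, not the Mavix Education theme's actual code.
 * The action name 'mavix_education_activate_plugin' comes from the advisory;
 * the plugin file path below is a PLACEHOLDER assumption for this example.
 */
define( 'MAVIX_DEMO_IMPORTER_FILE', 'creativ-demo-importer/creativ-demo-importer.php' ); // placeholder

// BEFORE (the pattern the advisory describes): wp_ajax_* hooks only require
// that the caller be logged in, so any Subscriber reaches this handler, and
// nothing verifies that the caller is allowed to activate plugins (CWE-862).
function mavix_education_activate_plugin_unchecked() {
    $result = activate_plugin( MAVIX_DEMO_IMPORTER_FILE );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message() );
    }
    wp_send_json_success( 'activated' );
}

// AFTER: authorization and request-forgery checks precede the privileged call.
function mavix_education_activate_plugin_checked() {
    // Reject requests whose nonce is missing or invalid; this stops a forged
    // request riding on an administrator's session. The nonce action string is
    // an assumption for this example. check_ajax_referer() dies on failure.
    check_ajax_referer( 'mavix_education_activate_plugin', 'nonce' );

    // The actual fix for CWE-862: require the same capability WordPress uses
    // for its own Plugins screen instead of trusting that the caller is logged in.
    if ( ! current_user_can( 'activate_plugins' ) ) {
        wp_send_json_error( 'insufficient_permissions', 403 );
    }

    $result = activate_plugin( MAVIX_DEMO_IMPORTER_FILE );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 500 );
    }
    wp_send_json_success( 'activated' );
}

// Register only the checked handler, and only for authenticated requests:
// deliberately no wp_ajax_nopriv_ hook, so anonymous visitors never reach it.
add_action( 'wp_ajax_mavix_education_activate_plugin', 'mavix_education_activate_plugin_checked' );
```

The capability check alone closes the reported gap; the nonce check is the usual companion so that an administrator's browser cannot be tricked into sending the request.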


Advisories

No advisories yet.

History

Mon, 15 Dec 2025 16:15:00 +0000

Type: Metrics
Values removed: none
Values added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Sun, 14 Dec 2025 21:30:00 +0000

Type: First Time appeared
Values removed: none
Values added: Wordpress; Wordpress wordpress

Type: Vendors & Products
Values removed: none
Values added: Wordpress; Wordpress wordpress

Sat, 13 Dec 2025 04:45:00 +0000

Type: Description
Values added: The Mavix Education theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mavix_education_activate_plugin' AJAX action in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate the Creativ Demo Importer plugin.

Type: Title
Values added: Mavix Education <= 1.0 - Missing Authorization to Authenticated (Subscriber+) 'Creativ Demo Importer' Plugin Activation

Type: Weaknesses
Values added: CWE-862

Type: References
Values added: none listed

Type: Metrics
Values added: cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:14:01.028Z

Reserved: 2025-09-29T16:42:40.617Z

Link: CVE-2025-11164

Vulnrichment

Updated: 2025-12-15T15:43:14.956Z

NVD

Status: Deferred

Published: 2025-12-13T16:16:45.137

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-11164

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T17:15:25Z

Weaknesses