CVE-2025-11164
📋 TL;DR
This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to activate the Creativ Demo Importer plugin without proper authorization. It affects all versions of the Mavix Education WordPress theme up to and including 1.0. Attackers can exploit this to install potentially malicious demo content.
💻 Affected Systems
- Mavix Education WordPress Theme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could activate the demo importer plugin and install malicious demo content containing backdoors, leading to complete site compromise and data theft.
Likely Case
Attackers activate the demo importer to install unwanted plugins or themes, potentially introducing security vulnerabilities or defacing the website.
If Mitigated
With proper user role management and security monitoring, impact is limited to unauthorized plugin activation that can be detected and reversed.
🎯 Exploit Status
Exploitation requires authenticated access but is simple via AJAX request. Subscriber accounts are commonly available on WordPress sites.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.0
Vendor Advisory: https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=297888%40mavix-education&new=297888%40mavix-education
Restart Required: No
Instructions:
1. Update Mavix Education theme to latest version. 2. If update not available, remove theme and replace with secure alternative. 3. Verify Creativ Demo Importer plugin is not activated without authorization.
🔧 Temporary Workarounds
Remove vulnerable theme
linuxTemporarily replace Mavix Education theme with default WordPress theme
wp theme activate twentytwentyfour
wp theme delete mavix-education
Restrict user capabilities
linuxRemove AJAX action handling capability from Subscriber role
wp role reset subscriber
wp cap remove subscriber edit_theme_options
🧯 If You Can't Patch
- Remove all Subscriber and higher user accounts except administrators
- Implement web application firewall rules to block requests to mavix_education_activate_plugin AJAX endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress theme directory for mavix-education folder and verify version is 1.0 or earlierCheck Version:
wp theme list --field=name,status,version | grep mavix-educationVerify Fix Applied:
Confirm theme version is updated beyond 1.0 and test AJAX endpoint returns proper authorization error📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with action=mavix_education_activate_plugin from non-admin users
- Unexpected activation of Creativ Demo Importer plugin
Network Indicators:
- AJAX requests to activate_plugin endpoint from unauthorized IPs
SIEM Query:
source="wordpress.log" AND "mavix_education_activate_plugin" AND NOT user_role="administrator"