Primary

Context

Felan Framework WordPress Plugin Missing Capability Check Vulnerability Allows Unauthenticated Plugin Management

Vulnerability

A vulnerability exists in the Felan Framework plugin for WordPress, specifically in versions through 1.1.4. The issue arises from a missing capability check in the 'process_plugin_actions' function, which is triggered by an AJAX action. This flaw enables unauthenticated attackers to activate or deactivate any plugin on the site.

Impact

Exploitation of this vulnerability allows for unauthorized activation or deactivation of WordPress plugins, which could lead to a range of issues depending on the functionality of the manipulated plugins.

Remediation

Users are advised to update the Felan Framework WordPress plugin to version 1.1.5 or later.

Added: Oct 16, 2025, 7:21 AM

Updated: Oct 16, 2025, 7:21 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

7.7

relevance

0.7

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Felan Framework WordPress Plugin Missing Capability Check Vulnerability Allows Unauthenticated Plugin Management

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating