Felan Framework WordPress Plugin Improper Authentication Vulnerability
Vulnerability
A vulnerability exists in the Felan Framework plugin for WordPress, specifically in versions through 1.1.4, due to improper authentication caused by hardcoded passwords in the 'fb_ajax_login_or_register' and 'google_ajax_login_or_register' functions. This flaw allows unauthenticated attackers to log in as any existing user who registered using Facebook or Google social login and did not change their password.
Impact
Exploitation of this vulnerability allows for unauthorized login as any user who registered with Facebook or Google social login and did not change their password.
Remediation
Users can update to version 1.1.5 or a newer patched version to address this vulnerability.
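The bug class described above, as an added PHP illustration that is not taken from the Felan Framework source or its patch: a social-login handler that relies on a shared hardcoded password, beside a form that verifies the provider's token server-side and gives each account a random password. The function names, the `EXAMPLE_GOOGLE_CLIENT_ID` constant (assumed to be defined in `wp-config.php`), the `id_token` POST field and the placeholder password are all hypothetical.

```php
<?php
// Added illustration, NOT the Felan Framework source. Function names, the
// EXAMPLE_GOOGLE_CLIENT_ID constant and the 'id_token' field are hypothetical.

// Weak pattern: every social-login account shares one password baked into the
// code, so the password proves nothing about who is making the request.
function example_social_login_weak( $email ) {
	return wp_signon( array(
		'user_login'    => $email,
		'user_password' => 'PLACEHOLDER_HARDCODED_VALUE', // constructed placeholder
	) );
}

// Hardened pattern: the provider's signed token is the proof of identity, and
// the local password is random, per user, and never used by the login flow.
function example_google_login_hardened() {
	$id_token = isset( $_POST['id_token'] ) ? sanitize_text_field( wp_unslash( $_POST['id_token'] ) ) : '';
	$response = wp_remote_get( 'https://oauth2.googleapis.com/tokeninfo?id_token=' . rawurlencode( $id_token ) );
	if ( is_wp_error( $response ) || 200 !== wp_remote_retrieve_response_code( $response ) ) {
		wp_send_json_error( 'Token rejected', 401 );
	}
	$claims = json_decode( wp_remote_retrieve_body( $response ), true );
	// The token must be issued for this site's client ID and carry a verified email.
	if ( ! is_array( $claims )
		|| ! hash_equals( EXAMPLE_GOOGLE_CLIENT_ID, (string) ( $claims['aud'] ?? '' ) )
		|| ! filter_var( $claims['email_verified'] ?? false, FILTER_VALIDATE_BOOLEAN )
		|| empty( $claims['email'] ) ) {
		wp_send_json_error( 'Token rejected', 401 );
	}
	$user = get_user_by( 'email', $claims['email'] );
	if ( ! $user ) {
		$user_id = wp_insert_user( array(
			'user_login' => $claims['email'],
			'user_email' => $claims['email'],
			'user_pass'  => wp_generate_password( 32, true, true ), // random, unique per account
		) );
		if ( is_wp_error( $user_id ) ) {
			wp_send_json_error( 'Registration failed', 500 );
		}
	} else {
		$user_id = $user->ID;
	}
	wp_set_current_user( $user_id );
	wp_set_auth_cookie( $user_id ); // session issued only after token verification
	wp_send_json_success();
}
add_action( 'wp_ajax_nopriv_example_google_login', 'example_google_login_hardened' );
```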
