4 matches found
CVE-2025-23993 WordPress Felan Framework plugin <= 1.1.3 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RiceTheme Felan Framework felan-framework allows SQL Injection.This issue affects Felan Framework: from n/a through = 1.1.3...
CVE-2025-10849
The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processpluginactions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...
CVE-2025-10849
The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processpluginactions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...
WordPress Felan Framework plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Activation/Deactivation via processpluginactions vulnerability discovered by István Márton in WordPress Plugin Felan Framework versions = 1.1.4...