CVE-2025-22741 WordPress Felan Framework plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a through 1.1.3...

CVE-2025-23993 WordPress Felan Framework plugin <= 1.1.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RiceTheme Felan Framework felan-framework allows SQL Injection.This issue affects Felan Framework: from n/a through = 1.1.3...

CVE-2025-23504 WordPress Felan Framework plugin <= 1.1.3 - Account Takeover vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework felan-framework allows Authentication Abuse.This issue affects Felan Framework: from n/a through = 1.1.3...

CVE-2025-23504

CVE-2025-23504 affects RiceTheme Felan Framework (felan-framework) up to version 1.1.3. The vulnerability is an Authentication Bypass via an alternate path or channel, enabling Authentication Abuse. Impact details stated across sources indicate high severity with potential total implications for ...

WordPress Felan Framework plugin <= 1.1.3 - SQL Injection vulnerability

SQL Injection vulnerability discovered by 0xd4rk5id3 in WordPress Plugin Felan Framework versions = 1.1.3...

WordPress Felan Framework plugin unauthorized data modification vulnerability

The WordPress Felan Framework plugin is a plugin with security vulnerabilities, mainly related to authentication issues. WordPress Felan Framework plugin has an unauthorized data modification vulnerability that stems from a lack of permission checking in the processpluginactions function, which c...

WordPress Felan Framework Improper Authentication Vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language.WordPress plugin is an application plugin. A vulnerability exists in the WordPress Felan Framework, which is caused by the presence of hard-coded passwords in the fbajaxloginorregister function and t...

WordPress Felan Framework plugin <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Plugin Activation/Deactivation via processpluginactions vulnerability discovered by István Márton in WordPress Plugin Felan Framework versions = 1.1.4...