All 4 CVE vulnerabilities found in Felan Framework, with AI-generated Chinese analysis, references, and POCs.
Vendor: RiceTheme
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-23504 | WordPress Felan Framework plugin <= 1.1.3 - Account Takeover vulnerability CWE-288 | 9.8 | Critical | 2026-01-08 |
| CVE-2025-23993 | WordPress Felan Framework plugin <= 1.1.3 - SQL Injection vulnerability CWE-89 | 9.3 | Critical | 2026-01-08 |
| CVE-2025-10849 | Felan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions CWE-862 | 5.3 | Medium | 2025-10-16 |
| CVE-2025-10850 | Felan Framework <= 1.1.4 - Hardcoded Credentials CWE-798 | 9.8 | Critical | 2025-10-16 |
All 4 known CVE vulnerabilities affecting Felan Framework with full Chinese analysis, references, and POCs where available.