All 5 CVE vulnerabilities found in Felan Framework, with AI-generated Chinese analysis, references, and POCs.
Vendor: RiceTheme
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-22741 | WordPress Felan Framework plugin <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability CWE-79 | 7.1 | High | 2026-05-27 |
| CVE-2025-23504 | WordPress Felan Framework plugin <= 1.1.3 - Account Takeover vulnerability CWE-288 | 9.8 | Critical | 2026-01-08 |
| CVE-2025-23993 | WordPress Felan Framework plugin <= 1.1.3 - SQL Injection vulnerability CWE-89 | 9.3 | Critical | 2026-01-08 |
| CVE-2025-10849 | Felan Framework <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Activation/Deactivation via process_plugin_actions CWE-862 | 5.3 | Medium | 2025-10-16 |
| CVE-2025-10850 | Felan Framework <= 1.1.4 - Hardcoded Credentials CWE-798 | 9.8 | Critical | 2025-10-16 |
All 5 known CVE vulnerabilities affecting Felan Framework with full Chinese analysis, references, and POCs where available.