Ricetheme Felan Framework
5 CVEs affecting Ricetheme Felan Framework. Latest disclosed: 2026-05-27. Critical: 3, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-23504 | Critical | 9.8 | 2026-01-08 | Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework felan-framework allows Authentication Abuse.This issue affe… |
CVE-2025-10850 | Critical | 9.8 | 2025-10-16 | The Felan Framework plugin for WordPress is vulnerable to improper authentication in versions up to, and including, 1.1.4. This is due to the hardcoded passwor… |
CVE-2025-23993 | Critical | 9.3 | 2026-01-08 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RiceTheme Felan Framework felan-framework allows SQL Inje… |
CVE-2025-22741 | High | 7.1 | 2026-05-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RiceTheme Felan Framework allows Reflected XSS. This iss… |
CVE-2025-10849 | Medium | 5.3 | 2025-10-16 | The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' f… |