CVE-2025-10850
📋 TL;DR
The Felan Framework WordPress plugin contains hardcoded passwords in social login functions, allowing unauthenticated attackers to log in as any user who registered via Facebook or Google without changing their password. This affects all WordPress sites using Felan Framework version 1.1.4 or earlier with social login enabled.
💻 Affected Systems
- Felan Framework WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain administrative privileges, steal sensitive data, deface websites, or install malware.
Likely Case
Attackers compromise user accounts to steal personal information, post malicious content, or use accounts for further attacks.
If Mitigated
Limited impact if social login is disabled or users have changed passwords, though risk remains for affected configurations.
🎯 Exploit Status
Attack requires knowledge of hardcoded passwords but no authentication needed. Simple to exploit once details are known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.5 or later
Vendor Advisory: https://themeforest.net/item/felan-freelance-marketplace-and-job-board-wordpress-theme/53612955
Restart Required: No
Instructions:
1. Update the Felan Framework plugin to version 1.1.5 or later via the WordPress admin panel.
2. Verify the update completed successfully.
3. Test social login functionality.
🔧 Temporary Workarounds
Disable Social Login
Temporarily disable the Facebook and Google social login features in the Felan Framework settings
Force Password Reset
Require all users who registered via social login to reset their passwords
🧯 If You Can't Patch
- Disable the Felan Framework plugin entirely until patched
- Implement web application firewall rules to block suspicious authentication attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Felan Framework version. If version is 1.1.4 or earlier, you are vulnerable.
Check Version:
wp plugin list --name=felan-framework --field=version
Verify Fix Applied:
Confirm Felan Framework version is 1.1.5 or later in WordPress admin panel and test social login functionality.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts followed by successful logins from unusual IPs
- User account logins from IPs not matching typical patterns
- Administrative actions from newly logged-in accounts
Network Indicators:
- Unusual authentication patterns to /wp-admin/admin-ajax.php
- Requests containing hardcoded password strings in payloads
SIEM Query:
source="wordpress.log" AND ("fb_ajax_login_or_register" OR "google_ajax_login_or_register") AND status=200
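As an added example (not part of this advisory), the log indicators above turned into a small Python filter: it picks out successful admin-ajax.php calls to the two social-login actions and flags any source IP making more than a handful of them, the pattern of one client cycling through accounts. The log lines are constructed, and the assumption that the action name is visible in the query string is mine; if your site only sends it in the POST body, feed this a WAF or application log that records it.

```python
import re
from collections import Counter

# Social-login AJAX actions named in the SIEM query above.
SOCIAL_LOGIN_ACTIONS = {"fb_ajax_login_or_register", "google_ajax_login_or_register"}

# Apache/nginx "combined" log line: client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def social_login_events(lines):
    """Yield (ip, action, status) for admin-ajax.php calls to the social-login actions.
    Assumption: the action name appears in the query string (constructed here)."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or "/wp-admin/admin-ajax.php" not in m["path"]:
            continue
        q = re.search(r"[?&]action=([A-Za-z0-9_]+)", m["path"])
        if q and q.group(1) in SOCIAL_LOGIN_ACTIONS:
            yield m["ip"], q.group(1), int(m["status"])

def flag_sources(lines, max_success_per_ip=3):
    """Return {ip: count} for source IPs with more than max_success_per_ip
    successful (HTTP 200) social-login calls in the supplied lines."""
    success = Counter()
    for ip, _action, status in social_login_events(lines):
        if status == 200:
            success[ip] += 1
    return {ip: n for ip, n in success.items() if n > max_success_per_ip}

# Constructed sample lines (not real traffic): 10.0.0.5 repeatedly hits the
# social-login endpoint, 192.0.2.10 performs one ordinary social login, and the
# last two lines are unrelated requests that must not match.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Oct/2025:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=fb_ajax_login_or_register HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.0.0.5 - - [01/Oct/2025:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=google_ajax_login_or_register HTTP/1.1" 200 498 "-" "curl/8.0"',
    '10.0.0.5 - - [01/Oct/2025:10:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=fb_ajax_login_or_register HTTP/1.1" 200 510 "-" "curl/8.0"',
    '10.0.0.5 - - [01/Oct/2025:10:00:04 +0000] "POST /wp-admin/admin-ajax.php?action=fb_ajax_login_or_register HTTP/1.1" 403 120 "-" "curl/8.0"',
    '10.0.0.5 - - [01/Oct/2025:10:00:05 +0000] "POST /wp-admin/admin-ajax.php?action=google_ajax_login_or_register HTTP/1.1" 200 501 "-" "curl/8.0"',
    '192.0.2.10 - - [01/Oct/2025:10:05:00 +0000] "POST /wp-admin/admin-ajax.php?action=google_ajax_login_or_register HTTP/1.1" 200 503 "https://example.test/" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Oct/2025:10:06:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Oct/2025:10:07:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, n in flag_sources(SAMPLE_LOG).items():
        print(f"{ip}: {n} successful social-login calls, review this source")
```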