Skip to main content
CVE-2025-10850 CRITICAL Act Now

Authentication bypass in Felan Framework WordPress plugin versions up to 1.1.4 enables unauthenticated attackers to impersonate any user account registered via Facebook or Google social login. Hardcoded passwords in fb_ajax_login_or_register and google_ajax_login_or_register functions allow complete account takeover of affected users without requiring credentials. Exploitable remotely without user interaction. CVSS 9.8 Critical severity. No public exploit identified at time of analysis.

Google WordPress Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy