RiceTheme Felan Framework CVE-2025-23504
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Authentication Bypass Using an Alternate Path or Channel vulnerability in RiceTheme Felan Framework felan-framework allows Authentication Abuse.This issue affects Felan Framework: from n/a through <= 1.1.3.
AnalysisAI
Felan Framework for WordPress (through 1.1.3) allows authentication bypass through an alternate path, enabling unauthenticated admin access.
Technical ContextAI
An alternate authentication path (CWE-288) allows bypassing the primary login mechanism to access admin functionality.
Affected ProductsAI
Felan Framework through 1.1.3
RemediationAI
Update or remove the plugin.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today