CVE-2025-10850
BaseFortify
Publication date: 2025-10-16
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | felan_framework | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects the Felan Framework plugin for WordPress (up to version 1.1.4). The 'fb_ajax_login_or_register' and 'google_ajax_login_or_register' functions use hardcoded passwords, so an unauthenticated attacker can log in as any existing user who registered through Facebook or Google social login and did not change their password.
How can this vulnerability impact me?
The vulnerability allows unauthenticated attackers to gain unauthorized access to user accounts on the affected WordPress site. This can lead to full compromise of user accounts, potentially resulting in data theft, unauthorized actions, and complete control over the affected site.