CVE-2025-10850

The Felan Framework plugin for WordPress

A critical improper authentication vulnerability exists in the Felan Framework plugin for WordPress.

Executive summary

A critical improper authentication vulnerability exists in the Felan Framework plugin for WordPress. This flaw is caused by a hardcoded password, which allows an unauthenticated attacker to bypass normal login procedures and gain unauthorized administrative access to the affected website, potentially leading to a full site compromise.

Vulnerability

The vulnerability is an improper authentication weakness due to a hardcoded password within the fb_ajax_login_or_register function. An attacker who discovers this static, hardcoded password can submit a specially crafted login request to this function. This bypasses standard WordPress authentication mechanisms, granting the attacker access to the site, likely with administrative privileges, without needing valid user credentials.

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8, indicating a high risk of compromise with minimal attacker effort. Successful exploitation could lead to a complete takeover of the affected WordPress website. Potential consequences include theft of sensitive user data, financial information, website defacement, distribution of malware to visitors, and using the compromised server as a pivot point for further attacks on the internal network, posing severe reputational, financial, and operational risks to the organization.

Remediation

Immediate Action: Update The Felan Framework plugin for WordPress to the latest patched version that resolves this vulnerability as soon as possible. After patching, it is crucial to review all user accounts (especially administrative ones) for any unauthorized additions or modifications, and to review access logs for signs of compromise prior to the update.

Proactive Monitoring: Monitor web server and application logs for any direct POST requests to the endpoint associated with the fb_ajax_login_or_register function. Scrutinize login attempts from unknown or suspicious IP addresses. Implement alerts for the creation of new administrative accounts or unexpected changes to plugin or theme files.
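
The following is an added example of the log review described above; it is not code from the advisory or from the plugin. It assumes the plugin's action is reached through WordPress's standard /wp-admin/admin-ajax.php endpoint via the `action` parameter (the advisory does not say where the function is exposed), and it flags POSTs whose `action` is not in the query string for manual review, because WordPress also reads `action` from the request body, which access logs do not record. The sample log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Assumption (not in the advisory): the action is served by WordPress's standard admin-ajax.php endpoint.
TARGET_ACTION = "fb_ajax_login_or_register"
AJAX_PATH = "/wp-admin/admin-ajax.php"
# Apache/nginx "combined" format: ip ident user [time] "METHOD target HTTP/x" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(entry):
    """hit: POST to admin-ajax.php naming the vulnerable action in the query string.
    review: POST to admin-ajax.php without `action` in the query string; WordPress also reads
    `action` from the POST body, which access logs omit, so check a body-logging source. ok: rest."""
    url = urlsplit(entry["target"])
    if entry["method"] != "POST" or url.path != AJAX_PATH:
        return "ok"
    action = parse_qs(url.query).get("action", [None])[0]
    if action == TARGET_ACTION:
        return "hit"
    return "review" if action is None else "ok"

def scan(log_text):
    """Scan a whole log; return hits, lines needing body inspection, and hits per source IP."""
    hits, review = [], []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            verdict = classify(entry)
            if verdict == "hit":
                hits.append(entry)
            elif verdict == "review":
                review.append(entry)
    return {"hits": hits, "review": review, "hits_by_ip": Counter(e["ip"] for e in hits)}

# Constructed sample lines using RFC 5737 documentation addresses; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2025:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=fb_ajax_login_or_register HTTP/1.1" 200 512 "-" "curl/8.4.0"
198.51.100.4 - - [12/Oct/2025:10:01:05 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 77 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2025:10:01:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512 "https://example.test/" "curl/8.4.0"
192.0.2.10 - - [12/Oct/2025:10:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "https://example.test/wp-login.php" "Mozilla/5.0"
"""
```

Run `scan()` over the real access log; source IPs with hits, and review entries that a WAF or proxy body log confirms, should be matched against the account and file-change checks listed above.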

Compensating Controls: If immediate patching is not feasible, consider disabling the Felan Framework plugin until it can be updated. Alternatively, deploy a Web Application Firewall (WAF) with a custom rule to block access to the vulnerable AJAX function endpoint. Restricting access to the WordPress login and admin pages (/wp-login.php and /wp-admin/) to trusted IP addresses can also reduce the attack surface.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical CVSS score of 9.8 and the ease of exploitation, immediate remediation is strongly recommended. Organizations must prioritize applying the vendor-supplied patch to all websites using the affected Felan Framework plugin. Although this vulnerability is not currently listed on the CISA KEV list, its high severity and the potential for widespread impact make it a prime target for opportunistic attackers.