Unrated severityNVD Advisory· Published Nov 6, 2023· Updated Feb 26, 2025
Templately < 2.2.6 - Arbitrary post trashing via Missing Authorization
CVE-2023-5454
Description
The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts.
Affected products
1- Range: 0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- wpscan.com/vulnerability/1854f77f-e12a-4370-9c44-73d16d493685mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.