Templately
by WordPress
Source repositories
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-49408 | Cri | 0.65 | 10.0 | 0.00 | Aug 20, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7. | ||
| CVE-2026-42379 | Hig | 0.50 | 7.7 | 0.00 | Apr 27, 2026 | Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1. | ||
| CVE-2024-50423 | Med | 0.35 | 5.4 | 0.00 | Oct 29, 2024 | Missing Authorization vulnerability in WPDeveloper Templately templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through <= 3.1.5. | ||
| CVE-2026-0831 | Med | 0.27 | 5.3 | 0.00 | Jan 10, 2026 | The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and… | ||
| CVE-2023-5454 | 0.00 | — | 0.01 | Nov 6, 2023 | The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts. |
- risk 0.65cvss 10.0epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7.
- risk 0.50cvss 7.7epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1.
- risk 0.35cvss 5.4epss 0.00
Missing Authorization vulnerability in WPDeveloper Templately templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through <= 3.1.5.
- risk 0.27cvss 5.3epss 0.00
The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and…
- CVE-2023-5454Nov 6, 2023risk 0.00cvss —epss 0.01
The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.