VYPR

Templately

by WordPress

Source repositories

CVEs (5)

  • CVE-2025-49408CriAug 20, 2025
    risk 0.65cvss 10.0epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7.

  • CVE-2026-42379HigApr 27, 2026
    risk 0.50cvss 7.7epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1.

  • CVE-2024-50423MedOct 29, 2024
    risk 0.35cvss 5.4epss 0.00

    Missing Authorization vulnerability in WPDeveloper Templately templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through <= 3.1.5.

  • CVE-2026-0831MedJan 10, 2026
    risk 0.27cvss 5.3epss 0.00

    The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and…

  • CVE-2023-5454Nov 6, 2023
    risk 0.00cvss epss 0.01

    The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.