Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! by wpdevteam

    CVE-2026-0831 (GCVE-0-2026-0831)

    Vulnerability from nvd – Published: 2026-01-10 09:22 – Updated: 2026-04-08 17:01
    VLAI
    Title
    Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write
    Summary
    The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Credits
    M Indra Purnama
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0831",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T13:07:30.520778Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T13:09:57.883Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Templately \u2013 Elementor \u0026 Gutenberg Template Library: 6500+ Free \u0026 Pro Ready Templates And Cloud!",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "M Indra Purnama"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:01:43.379Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/778242f4-5dfa-4d72-a032-8b5521c5b8ce?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/Core/Importer/Utils/AIUtils.php#L414"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/API/AIContent.php#L38"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3426051/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-19T23:25:34.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-01-09T20:32:57.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Templately \u003c= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-0831",
        "datePublished": "2026-01-10T09:22:18.126Z",
        "dateReserved": "2026-01-09T20:31:20.483Z",
        "dateUpdated": "2026-04-08T17:01:43.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-0831 (GCVE-0-2026-0831)

    Vulnerability from cvelistv5 – Published: 2026-01-10 09:22 – Updated: 2026-04-08 17:01
    VLAI
    Title
    Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write
    Summary
    The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Credits
    M Indra Purnama
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-0831",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-12T13:07:30.520778Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-12T13:09:57.883Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Templately \u2013 Elementor \u0026 Gutenberg Template Library: 6500+ Free \u0026 Pro Ready Templates And Cloud!",
              "vendor": "wpdevteam",
              "versions": [
                {
                  "lessThanOrEqual": "3.4.8",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "M Indra Purnama"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863 Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:01:43.379Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/778242f4-5dfa-4d72-a032-8b5521c5b8ce?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/Core/Importer/Utils/AIUtils.php#L414"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/API/AIContent.php#L38"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3426051/"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-12-19T23:25:34.000Z",
              "value": "Vendor Notified"
            },
            {
              "lang": "en",
              "time": "2026-01-09T20:32:57.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Templately \u003c= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2026-0831",
        "datePublished": "2026-01-10T09:22:18.126Z",
        "dateReserved": "2026-01-09T20:31:20.483Z",
        "dateUpdated": "2026-04-08T17:01:43.379Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }