Vulnerabilities and security researches fortemplately templately

Jun 07, 2024

CVE, Research URL: CVE-2023-5454
Home page URL: Security reports for Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Application: Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Date: Nov 07, 2023
Research Description: The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.
Affected versions: max 2.2.6.
Status: vulnerable

Sep 29, 2024

CVE, Research URL: CVE-2024-47308
Home page URL: Security reports for Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Application: Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in Templately allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Templately: from n/a through 3.1.2.
Affected versions: max 3.1.3.
Status: vulnerable

Oct 27, 2024

CVE, Research URL: CVE-2024-50423
Home page URL: Security reports for Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Application: Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Date: Oct 30, 2024
Research Description: Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5.
Affected versions: max 3.1.6.
Status: vulnerable

CVE, Research URL: CVE-2024-50424
Home page URL: Security reports for Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Application: Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Date: Oct 30, 2024
Research Description: Missing Authorization vulnerability in Templately allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Templately: from n/a through 3.1.5.
Affected versions: max 3.1.6.
Status: vulnerable

Aug 22, 2025

CVE, Research URL: CVE-2025-49408
Home page URL: Security reports for Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Application: Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Date: Aug 20, 2025
Research Description: Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7.
Affected versions: max 3.2.8.
Status: vulnerable

Apr 16, 2026

CVE, Research URL: CVE-2026-0831
Home page URL: Security reports for Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Application: Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!
Date: Jan 10, 2026
Research Description: The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory.
Affected versions: max 3.4.9.
Status: vulnerable