cleantalk
Vulnerabilities and Security Researches

Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!, CVE-2026-0831

CVE, Research URL

CVE-2026-0831

Home page URL

Security reports for Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!

Application

Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!

Published on
Jan 10, 2026
Research Description
The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory.
Affected versions
max 3.4.9.
Status
vulnerable
Previous vulnerability researches
WP Duplicate – WordPress Migration Plugin (CVE-2025-24652) , Jan 26, 2025
WP Duplicate – WordPress Migration Plugin (CVE-2026-1499) , Apr 15, 2026
New vulnerability
AMP Enhancer – Compatibility Layer for Official AMP Plugin (CVE-2026-2027) , Apr 16, 2026
WaveSurfer-WP (CVE-2026-1909) , Apr 16, 2026
xmlrpc attacks blocker (CVE-2026-2502) , Apr 16, 2026
Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud! (CVE-2026-0831) , Apr 16, 2026
iRobots.txt SEO (CVE-2025-68840) , Apr 16, 2026