cleantalk
Vulnerabilities and Security Researches

Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!, CVE-2026-0831

CVE, Research URL

CVE-2026-0831

Home page URL

Security reports for Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!

Application

Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud!

Published on
Jan 10, 2026
Research Description
The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory.
Affected versions
max 3.4.9.
Status
vulnerable
Previous vulnerability researches
s2member Secure File Browser (CVE-2013-6837) , Jun 07, 2024
s2member Secure File Browser (3dc58532344f8d166072616889dc5a9ad35c105e) , Jun 07, 2024
New vulnerability
Google Calendar List View (CVE-2026-2396) , Apr 16, 2026
CM Email Registration Blacklist and Whitelist (CVE-2026-0691) , Apr 16, 2026
AMP Enhancer – Compatibility Layer for Official AMP Plugin (CVE-2026-2027) , Apr 16, 2026
WaveSurfer-WP (CVE-2026-1909) , Apr 16, 2026
xmlrpc attacks blocker (CVE-2026-2502) , Apr 16, 2026