CVE-2026-0831
Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write
CVSS Score
5.3
EPSS Score
0.0%
EPSS Percentile
0th
The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory.
| CWE | CWE-863 |
| Vendor | wpdevteam |
| Product | templately – elementor & gutenberg template library: 6500+ free & pro ready templates and cloud! |
| Published | Jan 10, 2026 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for wpdevteam templately – elementor & gutenberg template library: 6500+ free & pro ready templates and cloud!
Be the first to know when new medium vulnerabilities affecting wpdevteam templately – elementor & gutenberg template library: 6500+ free & pro ready templates and cloud! are published — delivered to Slack, Telegram or Discord.
Get Free Alerts →
Free · No credit card · 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
wpdevteam / Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud!
0 ≤ 3.4.8
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/778242f4-5dfa-4d72-a032-8b5521c5b8ce?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/Core/Importer/Utils/AIUtils.php#L414 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/API/AIContent.php#L38 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3426051/
Credits
M Indra Purnama