Templately < 3.2.8 – Authenticated (Author+) Information Disclosure | CVE 2025-49408 | Plugin Vulnerabilities

Description

The Templately – Elementor & Gutenberg Template Library: 5500+ Free & Pro Ready Templates And Cloud! plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.7. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Fixed in 3.2.8

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/796fb66c-5a06-4f78-b3f2-a9b0717514e0

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

ch4r0n

Verified

No

WPVDB ID

05b00ade-bfd3-466f-99bb-5ac115fe7d06

Timeline

Publicly Published

2025-08-20 (about 8 months ago)

Added

2025-08-26 (about 8 months ago)

Last Updated

2025-08-26 (about 8 months ago)

Other

Published

Title

Published

2026-02-03

Title

Chapa Payment Gateway Plugin for WooCommerce <= 1.0.3 - Unauthenticated Sensitive Information Exposure

Published

2026-01-08

Title

NextGEN Download Gallery <= 1.6.2 - Unauthenticated Information Exposure

Published

2024-04-03

Title

Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) < 3.2.10 - Sensitive Information Exposure

Published

2024-07-04

Title

Simple Job Board < 2.12.6 - Unauthenticated Resumes Download

Published

2021-11-11

Title

Like Button Rating < 2.6.38 - Unauthorised Vote Export to Email & IP Addresses Disclosure