Templately < 3.4.9 – Unauthenticated Limited Arbitrary JSON File Write | CVE 2026-0831 | Plugin Vulnerabilities

Description

The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the `save_template_to_file()` function where user-controlled parameters like `session_id`, `content_id`, and `ai_page_ids` are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory.

Affects Plugins

Fixed in 3.4.9

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/778242f4-5dfa-4d72-a032-8b5521c5b8ce

Classification

Type

INCORRECT AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

type5afe

Verified

No

WPVDB ID

338e2ce9-a025-4f72-a098-d450ebcf8e3e

Timeline

Publicly Published

2026-01-09 (about 4 months ago)

Added

2026-01-09 (about 4 months ago)

Last Updated

2026-01-11 (about 4 months ago)

Other

Published

Title

Published

2021-10-27

Title

WPS Hide Login < 1.9.1 - Protection Bypass with Referer-Header

Published

2025-10-17

Title

FileBird < 6.5.0 - Author+ Settings Reset

Published

2022-08-15

Title

Visual Portfolio < 2.19.0 - Contributor+ CSS Injection

Published

2022-11-21

Title

AntiHacker < 4.20 - Subscriber+ Arbitrary Plugin Installation

Published

2026-02-25

Title

The Events Calendar < 6.15.16.1 - Contributor+ Event/Organizer/Venue Update/Trash via REST API