WordPress Plugin Vulnerabilities

Templately < 3.1.3 - Missing Authorization

Description

The Templately – Elementor & Gutenberg Template Library: 5000+ Free & Pro Ready Templates & Cloud! plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.1.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
templately
Fixed in 3.1.3

References

CVE
CVE-2024-47308
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/5fa75f3a-3582-4851-a67c-6c4981fb9abb

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Joshua Chan
Verified
No
WPVDB ID
5905d811-ac4a-44c5-82f9-a4b526e7b613

Timeline

Publicly Published
2024-09-25 (about 1 year ago)
Added
2024-10-02 (about 1 year ago)
Last Updated
2024-10-02 (about 1 year ago)

Other

Published
Title
Published
2026-01-09
Title
The Events Calendar < 6.15.13 - Missing Authorization
Published
2025-09-29
Title
Upload.am File Hosting VPN < 1.0.1 - Contributor+ Arbitrary Option Disclosure
Published
2025-12-01
Title
Get Cash <= 3.2.3 - Missing Authorization
Published
2026-01-18
Title
Hyyan WooCommerce Polylang Integration <= 1.5.0 - Missing Authorization
Published
2025-12-04
Title
CRM Memberships < 2.7 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint