Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! < 3.6.2 – Authenticated (Contributor+) Information Exposure | CVE 2026-42379 | Plugin Vulnerabilities

Description

The Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive user or configuration data.

Affects Plugins

Fixed in 3.6.2

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/02b7bbdf-5cb9-4206-bee5-3b43f0f862ea

Classification

Type

SENSITIVE DATA DISCLOSURE

OWASP top 10

A3: Sensitive Data Exposure

CWE

CVSS

Miscellaneous

Original Researcher

Ananda Dhakal

Verified

No

WPVDB ID

ff3cf8cf-17b3-4edd-9f00-f9c9518edb7e

Timeline

Publicly Published

2026-04-27 (about 16 days ago)

Added

2026-04-30 (about 13 days ago)

Last Updated

2026-04-30 (about 13 days ago)

Other

Published

Title

Published

2024-12-13

Title

Tickera – WordPress Event Ticketing < 3.5.4.9 - Unauthenticated Customer Data Exposure

Published

2023-10-12

Title

WP < 6.3.2 - Contributor+ Comment Disclosure

Published

2025-09-12

Title

Multiple Plugins and Themes by inkthemes - Unauthenticated Information Exposure

Published

2026-03-04

Title

WP Booking System – Booking Calendar < 2.0.19.13 - Unauthenticated Information Exposure

Published

2026-05-01

Title

Widgets for Social Photo Feed < 1.8.1 - Missing Authentication to Unauthenticated Plugin Settings Access/Update via trustindex_feed_hook_instagram REST API endpoints