CVE-2026-0831

MEDIUM5.3

Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write

Published Jan 10, 2026

Modified 4 days ago

No fix available

Details

The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the save_template_to_file() function where user-controlled parameters like session_id, content_id, and ai_page_ids are used to construct file paths without proper sanitization. This makes it possible for unauthenticated attackers to write arbitrary .ai.json files to locations within the uploads directory.

References

WEBhttps://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/API/AIContent.php#L38 WEBhttps://plugins.trac.wordpress.org/browser/templately/tags/3.4.5/includes/Core/Importer/Utils/AIUtils.php#L414 WEBhttps://plugins.trac.wordpress.org/changeset/3426051/ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2026-0831 WEBhttps://www.wordfence.com/threat-intel/vulnerabilities/id/778242f4-5dfa-4d72-a032-8b5521c5b8ce?source=cve

CVSS Analysis

CVSS v3.1

5.3

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

LowI:L

Availability

NoneA:N

5.3/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Weakness Type (CWE)

Access Control

CWE-863

Incorrect Authorization

Ecosystems

Timeline

PublishedJan 10, 2026

ModifiedJan 12, 2026