CVE-2023-5454

The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:templately:templately:*:*:*:*:*:wordpress:*:*

History

14 Nov 2023, 15:32

Type Values Removed Values Added
References (MISC) https://wpscan.com/vulnerability/1854f77f-e12a-4370-9c44-73d16d493685 - (MISC) https://wpscan.com/vulnerability/1854f77f-e12a-4370-9c44-73d16d493685 - Exploit, Third Party Advisory
First Time Templately
Templately templately
CPE cpe:2.3:a:templately:templately:*:*:*:*:*:wordpress:*:*
CWE CWE-862
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5

07 Nov 2023, 12:14

Type Values Removed Values Added
CWE CWE-284

06 Nov 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-06 21:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-5454

Mitre link : CVE-2023-5454

CVE.ORG link : CVE-2023-5454


JSON object : View

Products Affected

templately

  • templately
CWE
CWE-862

Missing Authorization