Lucene search
HistoryNov 06, 2023 - 9:15 p.m.
CVE-2023-5454
cve-2023-5454
templately
wordpress plugin
unauthorized access
rest api
nvd
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.7%
The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts.
Affected configurations
Node
templatelytemplatelyRange<2.2.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| templately | templately | * | cpe:2.3:a:templately:templately:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "Templately",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.2.6"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
Templately < 2.2.6 - Unauthenticated Arbitrary Post Deletion
2023-10-16 00:00:00
wpexploit
wpexploit
Templately < 2.2.6 - Unauthenticated Arbitrary Post Deletion
2023-10-16 00:00:00
prion
prion
Code injection
2023-11-06 21:15:00
openvas
openvas
nvd
nvd
CVE-2023-5454
2023-11-06 21:15:09
cvelist
cvelist
wordfence
wordfence
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
32.7%
Related for CVE-2023-5454