Lucene search
HistoryNov 06, 2023 - 9:15 p.m.
CVE-2023-5454
templately wordpress plugin
vulnerability
unauthenticated users
delete
rest api call
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
32.7%
The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts.
Affected configurations
Node
templatelytemplatelyRange<2.2.6wordpress
Related
wpvulndb
wpvulndb
Templately < 2.2.6 - Unauthenticated Arbitrary Post Deletion
2023-10-16 00:00:00
cve
cve
CVE-2023-5454
2023-11-06 21:15:09
prion
prion
Code injection
2023-11-06 21:15:00
openvas
openvas
wpexploit
wpexploit
Templately < 2.2.6 - Unauthenticated Arbitrary Post Deletion
2023-10-16 00:00:00
cvelist
cvelist
wordfence
wordfence
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
32.7%
Related for NVD:CVE-2023-5454