7 matches found
CVE-2023-5454
The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts...
CVE-2023-5454
creationtimestamp| type| source ---|---|--- 2025-02-26 21:25:23+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/5610...
CVE-2023-5454
The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts...
CVE-2023-5454 Templately < 2.2.6 - Arbitrary post trashing via Missing Authorization
The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts...
CVE-2023-5454
The CVE concerns the WordPress plugin Templately (versions prior to 2.2.6). Affected component: the saved-templates/delete REST API endpoint. Root cause: improper authorization allows unauthenticated users to perform delete operations. Impact: potential arbitrary post deletion due to missing acce...
CVE-2023-5454 Templately < 2.2.6 - Arbitrary post trashing via Missing Authorization
The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts...
WordPress Templately Plugin < 2.2.6 is vulnerable to Broken Access Control
Software Templately Type Plugin Vulnerable versions 2.2.6 Fixed in 2.2.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5454 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID d43e1c889b21 Credits Krzysztof Zając CERT PL Require...