Wpdevteam

**Name of the Vulnerable Software and Affected Versions** Templately versions prior to 3.4.9 **Description** The Templately plugin for WordPress is susceptible to an arbitrary file write issue. This is a result of insufficient input validation within the `save template to file()` function. User-controlled parameters, including `session id`, `content id`, and `ai page ids`, are utilized to create file paths without appropriate sanitization. This allows unauthenticated attackers to write arbitrary `.ai.json` files to locations within the uploads directory. **Recommendations** Update to Templately version 3.4.9 or later.