PT-2026-2031 · WordPress · Templately

Wpdevteam · Published 2026-01-10 · Updated 2026-01-10 · CVE-2026-0831

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Templately versions prior to 3.4.9

Description
The Templately plugin for WordPress is susceptible to an arbitrary file write issue. This is a result of insufficient input validation within the save_template_to_file() function. User-controlled parameters, including session_id, content_id, and ai_page_ids, are utilized to create file paths without appropriate sanitization. This allows unauthenticated attackers to write arbitrary .ai.json files to locations within the uploads directory.

Recommendations
Update to Templately version 3.4.9 or later.
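
A defensive sketch of the validation the description says is missing, added here as an example; it is not Templately's code or its 3.4.9 patch. The function names, the base directory, the directory layout and the identifier allow-list are assumptions; only the parameter names and the .ai.json suffix come from the description above.

```php
<?php
// Hypothetical helper names; not taken from the Templately code base.

/** Accept only short identifiers made of letters, digits, '-' and '_'. */
function example_safe_id($value): string
{
    if (!is_string($value) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $value)) {
        throw new InvalidArgumentException('invalid identifier');
    }
    return $value;
}

/**
 * Build <base>/<session_id>/<content_id>/<page_id>.ai.json (assumed layout)
 * and verify the result cannot leave $baseDir, an assumed pre-existing
 * directory under uploads. Call once per entry of ai_page_ids.
 */
function example_ai_json_path(string $baseDir, $sessionId, $contentId, $pageId): string
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('base directory missing');
    }
    // Every segment is validated before it is joined into a path.
    $dir = $base . DIRECTORY_SEPARATOR . example_safe_id($sessionId)
         . DIRECTORY_SEPARATOR . example_safe_id($contentId);
    if (!is_dir($dir) && !mkdir($dir, 0750, true)) {
        throw new RuntimeException('cannot create directory');
    }
    // Resolve symlinks, then require the directory to sit under the base.
    $resolved = realpath($dir);
    if ($resolved === false || strpos($resolved, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('path escapes base directory');
    }
    return $resolved . DIRECTORY_SEPARATOR . example_safe_id($pageId) . '.ai.json';
}

// Constructed sample input: one well-formed request and one traversal attempt.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'example-ai-base';
if (!is_dir($base)) { mkdir($base, 0750, true); }
foreach ([['s1', 'c42', 'page-7'], ['../../plugins', 'c42', 'page-7']] as $ids) {
    try {
        echo example_ai_json_path($base, ...$ids), PHP_EOL;
    } catch (Exception $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Path validation alone does not cover the unauthenticated access this entry reports; the request handler still needs its own authorization check.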

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-0831

Affected Products

Templately