CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-49408

CVSS 10.0v3.1pub. 2025-08-20upd. 2026-04-28

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7.

🤖 AI Analysis
How it works

The vulnerability lies in the fact that the plugin incorrectly attaches sensitive information to data sent in network responses or requests. An attacker can intercept or otherwise retrieve this data without requiring authentication and without any user interaction. Due to the network vector (AV:N) and lack of permission requirements (PR:N) and user interaction (UI:N), the attack can be conducted remotely by anyone with access to the network.

Impact

An attacker can gain access to sensitive data embedded in transmitted information, which may lead to violations of confidentiality, integrity and system availability — including potentially credential theft or further attack escalation.

Mitigation & patch

The Templately plugin should be updated to a version higher than 3.2.7. Detailed information about the available patch can be found in the vendor references and in the Patchstack database.

Who is affected

The WPDeveloper Templately plugin for WordPress in versions from n/a to 3.2.7 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References