CVE-2025-49408

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-49408
Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7.

10.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://patchstack.com/database/wordpress/plugin/templately/vulnerability/wordpress-templately-plugin-3-2-7-sensitive-data-exposure-vulnerability?_s_id=cve
Configurations

No configuration.

History

28 Apr 2026, 19:33

Type Values Removed Values Added
CWE CWE-434 CWE-201
Summary (en) Unrestricted Upload of File with Dangerous Type vulnerability in WPDeveloper Premium Age Verification / Restriction for WordPress age-restriction allows Using Malicious Files.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through <= 3.0.2. (en) Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7.
References
  • {'url': 'https://patchstack.com/database/Wordpress/Plugin/age-restriction/vulnerability/wordpress-premium-age-verification-restriction-for-wordpress-plugin-3-0-2-arbitrary-file-upload-vulnerability?_s_id=cve', 'source': 'audit@patchstack.com'}
  • () https://patchstack.com/database/wordpress/plugin/templately/vulnerability/wordpress-templately-plugin-3-2-7-sensitive-data-exposure-vulnerability?_s_id=cve -

23 Apr 2026, 15:31

Type Values Removed Values Added
Summary (en) Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7. (en) Unrestricted Upload of File with Dangerous Type vulnerability in WPDeveloper Premium Age Verification / Restriction for WordPress age-restriction allows Using Malicious Files.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through <= 3.0.2.
References
  • {'url': 'https://patchstack.com/database/wordpress/plugin/templately/vulnerability/wordpress-templately-plugin-3-2-7-sensitive-data-exposure-vulnerability?_s_id=cve', 'source': 'audit@patchstack.com'}
  • () https://patchstack.com/database/Wordpress/Plugin/age-restriction/vulnerability/wordpress-premium-age-verification-restriction-for-wordpress-plugin-3-0-2-arbitrary-file-upload-vulnerability?_s_id=cve -
CWE CWE-201 CWE-434
CVSS v2 : unknown
v3 : 4.9 		v2 : unknown
v3 : 10.0

20 Aug 2025, 14:39

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de inserción de información confidencial en los datos enviados en WPDeveloper Templately permite recuperar datos confidenciales incrustados. Este problema afecta a Templately desde la versión n/a hasta la 3.2.7.

20 Aug 2025, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-20 08:15

Updated : 2026-04-28 19:33

NVD link : CVE-2025-49408

Mitre link : CVE-2025-49408

CVE.ORG link : CVE-2025-49408

JSON object : View

Products Affected

No product.

CWE
CWE-201

Insertion of Sensitive Information Into Sent Data