What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
What the vulnerability does
Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1.
Explanation of Vulnerability in Simple Terms
Templately versions up to 3.6.1 contain an information disclosure vulnerability. An authenticated user with low privileges can read sensitive data from other users or parts of the site due to insufficient access controls. The vulnerability affects the entire application scope. Update to version 3.6.6 or later to resolve this issue.
What an attacker can do
Read sensitive data belonging to other users or restricted site areas.
Potential impact on your site
Any registered user can access confidential information they shouldn't see, including other users' data.
Conditions required to exploit
Attacker must have a low-privilege account on the site; no user interaction required.
Key dates
External resources
Related vulnerabilities