Sensitive Information Exposure in WPDeveloper Templately Plugin
CVE-2026-42379

7.7HIGH

Key Information:

Vendor: WordPress
Status: Templately
Vendor: CVE Published:; 27 April 2026

What is CVE-2026-42379?

A vulnerability exists in the WPDeveloper Templately plugin that permits the insertion of sensitive information into sent data. This issue allows attackers to retrieve embedded sensitive data, potentially compromising user privacy and security. The affected versions range from release n/a up to and including version 3.6.1, posing a risk to users who have not yet upgraded to secure releases.

Affected Version(s)

Templately <= 3.6.1

References

https://patchstack.com/database/wordpress/plugin/template...

vdb-entry

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2026
Vulnerability Reserved
Apr 27, 2026

Credit

Ananda Dhakal | Patchstack

CVE-2026-42379 Data

JSON