Approved changes feed: RSS · Atom

cpe:2.3:a:envato:template_kit_–_import:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorEnvato (cfd5aa32-8ebb-5e72-8556-d27b28c3afce)
ProductTemplate Kit – Import (700d864c-38f5-5972-ad0c-0b601d93a295)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-2334 vulnerable 2026-06-08 06:33:30.886271 Template Kit – Import <= 1.0.14 - Authenticated(Author+) Stored Cross-Site Scripting via template upload
MEDIUM (6.4)
The Template Kit – Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the template upload functionality in all versions up to, and including, 1.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Published: 2024-04-09T18:58:51.566Z
Updated: 2026-04-08T16:56:57.343Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-4330 vulnerable 2026-06-08 05:38:09.187713 Envato Elements <= 2.0.10 & Template Kit <= 1.0.13 - Authenticated (Contributor+) Arbitrary File Upload
HIGH (8.8)
The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-lever permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download.
Published: 2023-03-07T13:51:38.617Z
Updated: 2026-04-08T16:58:34.164Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.