GCVE - cpe:2.3:a:envato:template_kit_-_import:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:envato:template_kit_-_import:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Envato (`cfd5aa32-8ebb-5e72-8556-d27b28c3afce`)
Product	Template Kit Import (`70a0db28-a528-55ac-aaa4-488bad0d2f06`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-4330`	vulnerable	2026-06-08 05:38:09.193478	Envato Elements <= 2.0.10 & Template Kit <= 1.0.13 - Authenticated (Contributor+) Arbitrary File Upload HIGH (8.8) The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplateKitZipFile functions. This makes it possible for attackers with contributor-lever permissions and above to upload arbitrary files and potentially gain remote code execution in versions up to and including 1.0.13 of Template Kit – Import and versions up to and including 2.0.10 of Envato Elements & Download. Published: 2023-03-07T13:51:38.617Z Updated: 2026-04-08T16:58:34.164Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/68fe17e2-d5ab-4ebd-a5c6-d65cea327abd?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2617529%40envato-elements&new=2617529%40envato-elements&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.