Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! Security & Risk Analysis

Templately is an AI-powered WordPress templates cloud for Elementor and Gutenberg that offers 6,500+ ready template designs for a wide range of niches

400K active installs v3.5.2 PHP 7.2+ WP 5.0+ Updated Feb 25, 2026

elementor-templategutenberg-templatelanding-pagetemplateswocommerce-templates

A · Safe

CVEs total6

Unpatched0

Last CVEJan 9, 2026

Plugin page Download

Safety Verdict

Is Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! Safe to Use in 2026?

Generally Safe

Score 95/100

Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEsLast CVE: Jan 9, 2026Updated 1mo ago

Risk Assessment

The Templately plugin v3.5.2 exhibits a mixed security posture. While it demonstrates good practices in several areas, such as a high percentage of prepared SQL statements and proper output escaping, there are notable concerns. The presence of two AJAX handlers without authentication checks represents a significant attack surface, potentially allowing unauthorized actions. Furthermore, the use of the `unserialize` function, a known source of vulnerabilities when handling untrusted input, introduces a risk that warrants careful attention. The plugin's vulnerability history, with six medium-severity CVEs, primarily focused on authorization issues and information exposure, indicates a pattern of past security weaknesses. Although all known CVEs are currently patched, this history suggests a need for continued vigilance and robust security testing. In conclusion, while the plugin has strengths in its adherence to secure coding practices for SQL and output, the unprotected AJAX endpoints and the historical trend of authorization-related vulnerabilities are key areas of concern.

Key Concerns

Unprotected AJAX handlers
Dangerous function: unserialize used
History of 6 medium severity CVEs

Vulnerabilities

Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! Security Vulnerabilities

CVEs by Year

1 CVE in 2023

2023

3 CVEs in 2024

2024

1 CVE in 2025

2025

1 CVE in 2026

2026

Patched Has unpatched

Severity Breakdown

Medium

6 total CVEs

CVE-2026-0831medium · 5.3Incorrect Authorization

Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write

Jan 9, 2026 Patched in 3.4.9 (1d)

CVE-2025-49408medium · 4.3Exposure of Sensitive Information to an Unauthorized Actor

Templately <= 3.2.7 - Authenticated (Author+) Information Disclosure

Aug 20, 2025 Patched in 3.2.8 (7d)

CVE-2024-50423medium · 4.3Missing Authorization

Templately <= 3.1.5 - Missing Authorization

Oct 24, 2024 Patched in 3.1.6 (50d)

CVE-2024-50424medium · 6.3Missing Authorization

Templately <= 3.1.5 - Missing Authorization via AJAX actions

Oct 24, 2024 Patched in 3.1.6 (7d)

CVE-2024-47308medium · 5.3Missing Authorization

Templately <= 3.1.2 - Missing Authorization

Sep 25, 2024 Patched in 3.1.3 (8d)

CVE-2023-5454medium · 6.5Improper Authorization

Templately <= 2.2.5 - Improper Authorization to Arbitrary Post Deletion

Oct 16, 2023 Patched in 2.2.6 (99d)

Code Analysis

Analyzed Mar 16, 2026

Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! Code Analysis

Dangerous Functions

Raw SQL Queries

46 prepared

Unescaped Output

64 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$attachment_metadata = @unserialize($meta['value']);includes\API\AIContent.php:696

unserialize$_cloud_activity = unserialize( $response['user']['my_cloud']['last_pushed'] );includes\API\Login.php:137

unserialize$_cloud_activity = unserialize( $response['user']['my_cloud']['last_pushed'] );includes\API\Profile.php:38

SQL Query Safety

98% prepared47 total queries

Output Escaping

79% escaped81 total outputs

Data Flows

All sanitized

Data Flow Analysis

3 flows

<FullSiteImport> (includes\Core\Importer\FullSiteImport.php:0)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! Attack Surface

Entry Points4

Unprotected2

AJAX Handlers 4

authwp_ajax_templately_create_templateincludes\Builder\ThemeBuilder.php:56

authwp_ajax_update_gutenberg_hide_buttonsincludes\Core\Platform\Gutenberg.php:50

authwp_ajax_templately_google_loginincludes\Plugin.php:89

noprivwp_ajax_templately_google_loginincludes\Plugin.php:90

WordPress Hooks 88

actionadmin_menuincludes\Admin\Settings.php:11

actionwp_headincludes\Admin\Settings.php:12

filterwp_redirectincludes\API\AIContent.php:198

filterwp_redirectincludes\API\AIContent.php:365

filterwp_redirectincludes\API\AIContent.php:427

filterwp_redirectincludes\API\API.php:135

filterwp_redirectincludes\API\Dependencies.php:23

filterwp_redirectincludes\API\LogoGeneration.php:272

actionwp_loadedincludes\Builder\Managers\ConditionManager.php:33

filtertemplate_includeincludes\Builder\Managers\LocationManager.php:41

actionwp_enqueue_scriptsincludes\Builder\Managers\LocationManager.php:47

actionwp_enqueue_scriptsincludes\Builder\Managers\LocationManager.php:48

actionwp_enqueue_scriptsincludes\Builder\Managers\LocationManager.php:49

actionsave_postincludes\Builder\Managers\LocationManager.php:52

actiondelete_postincludes\Builder\Managers\LocationManager.php:53

actiontrash_postincludes\Builder\Managers\LocationManager.php:54

actioninitincludes\Builder\Managers\ThemeCompatibility.php:12

actiontemplately_locationsincludes\Builder\Managers\ThemeCompatibility.php:22

filtertheme_page_templatesincludes\Builder\PageTemplates.php:15

filtertheme_post_templatesincludes\Builder\PageTemplates.php:16

filtertheme_templately_library_templatesincludes\Builder\PageTemplates.php:17

actionin_admin_headerincludes\Builder\Source.php:31

filterpost_row_actionsincludes\Builder\Source.php:36

actionadmin_footerincludes\Builder\Source.php:37

actionget_headerincludes\Builder\TemplateLoader.php:23

actionget_footerincludes\Builder\TemplateLoader.php:24

actionelementor/document/wrapper_attributesincludes\Builder\TemplateLoader.php:25

actiontemplate_redirectincludes\Builder\TemplateLoader.php:26

actiontemplately_builder_header_afterincludes\Builder\TemplateLoader.php:28

actiontemplately_builder_footer_beforeincludes\Builder\TemplateLoader.php:29

actiontemplately_builder_header_beforeincludes\Builder\TemplateLoader.php:34

actiontemplately_builder_footer_beforeincludes\Builder\TemplateLoader.php:35

actionpre_get_postsincludes\Builder\ThemeBuilder.php:50

actionwpincludes\Builder\ThemeBuilder.php:51

actioninitincludes\Builder\ThemeBuilder.php:55

filterelementor/document/configincludes\Builder\ThemeBuilder.php:58

filterelementor/documents/get/post_idincludes\Builder\ThemeBuilder.php:59

actionelementor/widgets/registerincludes\Builder\ThemeBuilder.php:60

filterthe_contentincludes\Builder\ThemeBuilder.php:62

filterget_post_metadataincludes\Builder\ThemeBuilder.php:196

actionwp_footerincludes\Builder\Types\ThemeTemplate.php:32

actionwp_footerincludes\Builder\Types\ThemeTemplate.php:33

actionwp_footerincludes\Builder\Types\ThemeTemplate.php:34

actionadmin_enqueue_scriptsincludes\Core\Admin.php:28

actionload-toplevel_page_templatelyincludes\Core\Admin.php:29

actionadmin_menuincludes\Core\Admin.php:30

actionadmin_initincludes\Core\Admin.php:35

actionadmin_footerincludes\Core\Admin.php:42

actionadmin_initincludes\Core\Importer\FullSiteImport.php:72

filterwp_redirectincludes\Core\Importer\FullSiteImport.php:76

filterhttp_request_host_is_externalincludes\Core\Importer\FullSiteImport.php:80

filterhttp_request_argsincludes\Core\Importer\FullSiteImport.php:81

filterwp_image_editorsincludes\Core\Importer\FullSiteImport.php:222

filterwp_image_editorsincludes\Core\Importer\FullSiteImport.php:465

filterelementor/element/get_child_typeincludes\Core\Importer\FullSiteImport.php:501

filterwp_redirectincludes\Core\Importer\FullSiteImport.php:925

filterupload_mimesincludes\Core\Importer\FullSiteImport.php:939

filterelementor/files/allow_unfiltered_uploadincludes\Core\Importer\FullSiteImport.php:940

actionwp_insert_postincludes\Core\Importer\FullSiteImport.php:1473

actionadd_attachmentincludes\Core\Importer\FullSiteImport.php:1476

actioncreated_termincludes\Core\Importer\FullSiteImport.php:1479

actionregistered_taxonomyincludes\Core\Importer\FullSiteImport.php:1482

actionfluentform/form_importedincludes\Core\Importer\FullSiteImport.php:1485

filtertemplately_import_copy_attachmentincludes\Core\Importer\Runners\Attachments.php:135

filterwp_import_post_data_rawincludes\Core\Importer\Runners\Attachments.php:136

filterwp_import_post_metaincludes\Core\Importer\Runners\Attachments.php:137

filterpre_http_requestincludes\Core\Importer\Runners\Attachments.php:293

filterhttp_responseincludes\Core\Importer\Runners\Attachments.php:294

filterwp_insert_attachment_dataincludes\Core\Importer\Runners\Attachments.php:296

actionadd_attachmentincludes\Core\Importer\Runners\Attachments.php:297

filterwp_update_attachment_metadataincludes\Core\Importer\Runners\Attachments.php:298

actiontemplately_import.finalize_gutenberg_attachmentincludes\Core\Importer\Runners\Finalizer.php:113

actiontemplately_import.process_postincludes\Core\Importer\Runners\WPContent.php:153

actiontemplately_import.process_termincludes\Core\Importer\Runners\WPContent.php:154

actiontemplately_import_startincludes\Core\Importer\Runners\WPContent.php:155

filterimport_post_meta_keyincludes\Core\Importer\WPImport.php:256

filterhttp_request_timeoutincludes\Core\Importer\WPImport.php:259

filterjetpack_sync_known_importersincludes\Core\Importer\WPImport.php:1802

actionadmin_initincludes\Core\Maintenance.php:18

actionadmin_initincludes\Core\Migrator.php:19

actionelementor/preview/enqueue_stylesincludes\Core\Platform\Elementor.php:39

actionelementor/editor/before_enqueue_stylesincludes\Core\Platform\Elementor.php:40

actionelementor/editor/after_enqueue_scriptsincludes\Core\Platform\Elementor.php:41

actionenqueue_block_editor_assetsincludes\Core\Platform\Gutenberg.php:48

actionadmin_footerincludes\Core\Platform\Gutenberg.php:49

actionplugins_loadedincludes\Plugin.php:86

actionrest_api_initincludes\Plugin.php:87

actioninitincludes\Plugin.php:252

Maintenance & Trust

Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 25, 2026

PHP min version7.2

Downloads11.3M

Community Trust

Rating100/100

Number of ratings352

Active installs400K

Alternatives

Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! Alternatives

Anant Sites — Elementor & Gutenberg Readymade Template Library Free & Pro Templates

ananta-sites

100

Ready Free Templates for Elementor & Gutenberg block editor

1K No CVEs

StillAnotherSite

stillanothersite

100

3,000+ Elementor template blocks and sections with one-click import. Free and premium design blocks to build stunning pages in minutes.

0 No CVEs

Essential Addons for Elementor – Popular Elementor Templates & Widgets

essential-addons-for-elementor-lite

Elementor addon offering 110+ widgets and templates — Elementor Gallery, Slider, Form, Post Grid, Menu, Accordion, WooCommerce & more.

2.0M 56 CVEs

Premium Addons for Elementor – Powerful Elementor Templates & Widgets

premium-addons-for-elementor

Elementor Carousel, Mega Menu, Posts List/Slider, Media Gallery, WooCommerce Widgets, Display Conditions, Premade Templates & more.

700K 35 CVEs

Royal Addons for Elementor – Addons and Templates Kit for Elementor

royal-elementor-addons

Elementor templates, Header footer builder, Elementor Post Grid, Woocommerce Grid builder, Slider, Forms, Gallery, Nav menu addons, Elementor widgets.

600K 1 unpatched

Developer Profile

Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! Developer Profile

WPDeveloper

46 plugins · 4.0M total installs

trust score

Avg Security Score

91/100

Avg Patch Time

163 days

View full developer profile

Detection Fingerprints

How We Detect Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud!

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/templately/assets/css/frontend.css/wp-content/plugins/templately/assets/css/style.css/wp-content/plugins/templately/assets/js/customizer.js/wp-content/plugins/templately/assets/js/frontend.js/wp-content/plugins/templately/assets/js/main.js/wp-content/plugins/templately/assets/js/vendor/vue.min.js

Script Paths

/wp-content/plugins/templately/assets/js/frontend.js/wp-content/plugins/templately/assets/js/main.js/wp-content/plugins/templately/assets/js/vendor/vue.min.js/wp-content/plugins/templately/assets/js/customizer.js

Version Parameters

templately/assets/css/frontend.css?ver=templately/assets/css/style.css?ver=templately/assets/js/customizer.js?ver=templately/assets/js/frontend.js?ver=templately/assets/js/main.js?ver=templately/assets/js/vendor/vue.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

templately-template-librarytemplately-template-cardtemplately-library-listtemplately-search-inputtemplately-filter-buttontemplately-modal-contenttemplately-user-profiletemplately-my-templates+2 more

HTML Comments

+5 more

Data Attributes

data-templately-iddata-templately-typedata-templately-platformdata-templately-slugdata-templately-template-id

JS Globals

window.templately_datawindow.templately_configvar templately_varsvar templately_api_settings

REST Endpoints

/wp-json/templately/v1/templates/wp-json/templately/v1/categories/wp-json/templately/v1/search

Shortcode Output

[templately_library][templately_my_templates][templately_user_profile][templately_search]

FAQ