CVE-2020-36728

MEDIUM EXPLOITED NUCLEI

Adning Advertising <1.5.5 - Path Traversal

Title source: llm

Exploitation Summary

CVE-2020-36728 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.

Nuclei Templates (1)

WordPress Plugin Adning Advertising < 1.5.6 - Arbitrary File Upload

MEDIUMVERIFIEDby iamnoooob,pdresearch

FOFA: body="served by Adning"

References (4)

Core 4

Core References

Third Party Advisory

https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/

Product

https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693

Exploit, Third Party Advisory

https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=cve

Scores

CVSS v3 6.5

EPSS 0.0316

EPSS Percentile 86.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

VulnCheck KEV 2020-07-07

CWE

CWE-22

Status published

Products (2)

tunafish/Adning Advertising < 1.5.5

tunasite/adning_advertising < 1.5.6

Published Jun 07, 2023

Tracked Since Feb 18, 2026