CVE-2020-36728

MEDIUM EXPLOITED NUCLEI

Adning Advertising <1.5.5 - Path Traversal

Title source: llm

Description

The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.

Nuclei Templates (1)

WordPress Plugin Adning Advertising < 1.5.6 - Arbitrary File Upload
MEDIUMVERIFIEDby iamnoooob,pdresearch
FOFA: body="served by Adning"

References (4)

Scores

CVSS v3 6.5
EPSS 0.8442
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

VulnCheck KEV 2020-07-07
CWE
CWE-22
Status published
Products (2)
tunafish/Adning Advertising < 1.5.5
tunasite/adning_advertising < 1.5.6
Published Jun 07, 2023
Tracked Since Feb 18, 2026