Vulnerability Description
The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tunasite | Adning Advertising | < 1.5.6 |
Related Weaknesses (CWE)
References
- https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-Third Party Advisory
- https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/2696Product
- https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adninExploitThird Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1bThird Party Advisory
- https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-Third Party Advisory
- https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/2696Product
- https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adninExploitThird Party Advisory
- https://www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1bThird Party Advisory
FAQ
What is CVE-2020-36728?
CVE-2020-36728 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files w...
How severe is CVE-2020-36728?
CVE-2020-36728 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-36728?
Check the references section above for vendor advisories and patch information. Affected products include: Tunasite Adning Advertising.