Medium severity6.5NVD Advisory· Published Jun 7, 2023· Updated Jun 17, 2026
CVE-2020-36728
CVE-2020-36728
Description
The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.
Affected products
2- cpe:2.3:a:tunasite:adning_advertising:*:*:*:*:*:wordpress:*:*Range: <1.5.6
- Range: <=1.5.5
Patches
Vulnerability mechanics
References
4- www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/nvdExploitThird Party Advisory
- blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/nvdThird Party Advisory
- www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1b0-6fdb39599ee5nvdThird Party Advisory
- codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693nvdProduct
News mentions
0No linked articles in our index yet.