CVE-2020-36728
The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- June 06, 2023
- Published Date
- June 07, 2023
- Last Updated
- December 28, 2024
- Vendor
- tunafish
- Product
- Adning Advertising
- Description
- The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.
- Tags
- Exploitation
- none
- Automatable
- Yes
- Technical Impact
- partial
- Exploited in the Wild
- Yes (2026-01-05 00:00:00 UTC) Source
nuclei_scanner
CVSS Scores
CVSS v3.1
6.5 - MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
SSVC Information
Exploit Status
References
https://www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=cve
https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/
https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/
https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2026-01-05 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-36728.yaml | 2025-06-02 14:11:03 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Detected by Nuclei
-
Added to KEVIntel