Lucene search

WordfenceCVELIST:CVE-2020-36728

HistoryJun 07, 2023 - 12:43 p.m.

CVE-2020-36728

2023-06-0712:43:13

Wordfence

www.cve.org

adning advertising

wordpress

vulnerability

file deletion

path traversal

unauthenticated attackers

arbitrary files

full control

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.

CNA Affected

[
  {
    "vendor": "tunafish",
    "product": "Adning Advertising",
    "versions": [
      {
        "version": "*",
        "status": "affected",
        "lessThanOrEqual": "1.5.5",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/

codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693

www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/

www.wordfence.com/threat-intel/vulnerabilities/id/e7506429-7f8a-45b5-b1b0-6fdb39599ee5?source=cve

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

9.7 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.8%

JSON

Related for CVELIST:CVE-2020-36728