WordPress Plugin Vulnerabilities

Adning Advertising < 1.5.6 - Unauthenticated Arbitrary File Upload/Deletion

Description

The issue is being actively exploited, and could allow unauthorised attackers to upload/delete arbitrary files.

Affects Plugins

Plugin icon
angwp
Fixed in 1.5.6

References

CVE
CVE-2020-36728
Exploitdb
49332
URL
https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693
URL
https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/
URL
https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
10.0 (critical)

Miscellaneous

Verified
No
WPVDB ID
e9873fe3-fc06-4a52-aa32-6922cab7830c

Timeline

Publicly Published
2020-07-07 (about 3 years ago)
Added
2020-07-07 (about 3 years ago)
Last Updated
2023-06-08 (about 11 months ago)

Other

Published
Title
Published
2021-10-26
Title
Bulk Datetime Change < 1.12 - Missing Authorisation
Published
2023-10-16
Title
Templately < 2.2.6 - Unauthenticated Arbitrary Post Deletion
Published
2024-03-19
Title
Coming Soon & Maintenance Mode by Colorlib <= 1.0.99 - Information Exposure
Published
2024-02-16
Title
My Private Site < 3.1.0 - Improper Access Control to Sensitive Information Exposure via REST API
Published
2021-01-28
Title
uListing < 1.7 - Unauthenticated Arbitrary Account Change