CVE-2020-36705
Published: 2023-06-07
Priority: P184 · Severity: critical · CVSS 3.1 base score: 9.8
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 6.94% (93.3rd percentile)
The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tunafish | adning_advertising | <= 1.5.5 | — |
| tunasite | adning_advertising | < 1.5.6 | 1.5.6 |
Detection & IOCs (extracted from sources)
- Detect a vulnerable Adning Advertising plugin by matching the version string in the page body: look for 'Ads on this site are served by Adning v<version>' and confirm the version is less than 1.5.6.
- Confirm a vulnerable instance by checking that an HTTP 200 response body contains both 'served by Adning' and 'adning.com', combined with version < 1.5.6.
- The vulnerable function is _ning_upload_image; monitor for unauthenticated POST requests invoking this function as evidence of arbitrary file upload attempts.
- The vulnerability is actively exploited in the wild (high EPSS score: 0.89502, 99.5th percentile); prioritize detection and patching.
Caveats:
- Detection via passive page-body regex only works if the Adning plugin renders its version string in the HTML output; sites with caching or hardened configurations may suppress this string.
- The Nuclei template uses a single GET to the base URL with host-redirect following (max 2 redirects); detection may miss instances behind aggressive redirect chains or WAFs.
- The vulnerability affects all versions up to and including 1.5.5; the fix was introduced in 1.5.6, so the version comparison must use strict less-than 1.5.6.
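The passive check described above, written out as an added example (not code from this page or from the Nuclei project): it applies the two marker strings and the strict less-than-1.5.6 rule to a stored HTTP response, compares versions as integer tuples rather than strings (so 1.5.10 is correctly treated as newer than 1.5.6), and reports "version unknown" rather than "vulnerable" when the plugin markers are present but the version string has been suppressed, which is the caveat noted above. The HTML bodies are constructed sample input, not captured from any site.

```python
import re
from typing import Optional, Tuple

# First fixed release per the advisory: every version below this is affected.
FIXED_VERSION = (1, 5, 6)

# Marker strings the page-body detection rules above key on.
VERSION_RE = re.compile(r"served by Adning v(\d+(?:\.\d+)*)", re.IGNORECASE)
REQUIRED_MARKERS = ("served by Adning", "adning.com")


def parse_version(text: str) -> Tuple[int, ...]:
    """'1.5.10' -> (1, 5, 10); tuple order is numeric, unlike string order."""
    return tuple(int(part) for part in text.split("."))


def extract_adning_version(body: str) -> Optional[str]:
    """Return the version string rendered in the page body, or None if absent."""
    match = VERSION_RE.search(body)
    return match.group(1) if match else None


def assess_page(status: int, body: str) -> dict:
    """Classify one HTTP response as not_detected / present_version_unknown /
    vulnerable / patched, following the detection rules on this page."""
    result = {"status": status, "version": None, "markers": False,
              "verdict": "not_detected"}
    if status != 200:                       # the rules only trust a 200 body
        return result
    result["markers"] = all(m in body for m in REQUIRED_MARKERS)
    if not result["markers"]:
        return result
    version = extract_adning_version(body)
    result["version"] = version
    if version is None:
        # Plugin is present but the version string is cached away or
        # suppressed: flag for manual follow-up instead of guessing.
        result["verdict"] = "present_version_unknown"
    elif parse_version(version) < FIXED_VERSION:
        result["verdict"] = "vulnerable"
    else:
        result["verdict"] = "patched"
    return result


# Constructed sample bodies (hypothetical, not captured from a real site).
VULN_BODY = ("<html><body><p>Ads on this site are served by Adning v1.5.5 "
             "(https://adning.com)</p></body></html>")
PATCHED_BODY = ("<html><body><p>Ads on this site are served by Adning v1.5.10 "
                "(https://adning.com)</p></body></html>")
NO_VERSION_BODY = "<html><body><p>Ads served by Adning (adning.com)</p></body></html>"
UNRELATED_BODY = "<html><body><p>Nothing to see here.</p></body></html>"

if __name__ == "__main__":
    for label, status, body in [("vuln", 200, VULN_BODY),
                                ("patched", 200, PATCHED_BODY),
                                ("no-version", 200, NO_VERSION_BODY),
                                ("unrelated", 200, UNRELATED_BODY),
                                ("vuln-but-404", 404, VULN_BODY)]:
        print(label, assess_page(status, body))
```

The string comparison "1.5.10" < "1.5.6" is true in Python, which is why `parse_version` converts to integer tuples before comparing against `FIXED_VERSION`; a scanner that compares version strings lexically would misclassify such a release.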
CVSS provenance
- nvd (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vulncheck: 9.8 CRITICAL
VulDB
Adning Advertising Plugin up to 1.5.5 on WordPress _ning_upload_image unrestricted upload
vuldb · 2026-04-09 · CVSS 9.8 · CRITICAL
A vulnerability was found in Adning Advertising Plugin up to 1.5.5 on WordPress. It has been rated as critical. The impacted element is the function _ning_upload_image. This manipulation causes unrestricted upload.
This vulnerability is tracked as CVE-2020-36705. The attack can be carried out remotely. Moreover, an exploit is present.
GHSA
GHSA-mjvv-fcgj-hpr2: The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function
ghsa_unreviewed · 2023-06-07 · CRITICAL · CWE-434
The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
VulnCheck
tunasite adning_advertising Unrestricted Upload of File with Dangerous Type
vulncheck · 2020 · CVSS 9.8 · CRITICAL
The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
Affected: tunasite adning_advertising
Required Action: Apply remediations or mitigations per vendor instructions, or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/angwp/adning-advertising-155-arbitrary-file-upload
No detection rules found.
Nuclei
Adning Advertising <= 1.5.5 - Arbitrary File Upload
nuclei · CVSS 9.8 · CRITICAL
The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
Template (as indexed; only the info block is shown):
```yaml
id: CVE-2020-36705

info:
  name: Adning Advertising <= 1.5.5 - Arbitrary File Upload
  author: DhiyaneshDK
  severity: critical
  description: |
    The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.
```
No writeups or analysis indexed.
References
- https://blog.nintechnet.com/critical-vulnerability-in-adning-advertising-plugin-actively-exploited-in-the-wild/
- https://codecanyon.net/item/wp-pro-advertising-system-all-in-one-ad-manager/269693
- https://wpscan.com/vulnerability/e9873fe3-fc06-4a52-aa32-6922cab7830c
- https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/4a263b74-e9ae-4fd2-be9b-9b8e9eee5982?source=cve