Tunasite Adning Advertising vulnerabilities
2 known vulnerabilities affecting tunasite/adning_advertising.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2020-36705P1CRITICALCVSS 9.8ExploitedPoCfixed in 1.5.62023-06-07
CVE-2020-36705 [CRITICAL] CWE-434 CVE-2020-36705: The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing f
The Adning Advertising plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the _ning_upload_image function in versions up to, and including, 1.5.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible
nvd
CVE-2020-36728P1CRITICALCVSS 9.8ExploitedPoCfixed in 1.5.62023-06-07
CVE-2020-36728 [CRITICAL] CWE-22 CVE-2020-36728: The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in ver
The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in versions up to, and including, 1.5.5. This allows unauthenticated attackers to delete arbitrary files which can be used to reset and gain full control of a site.
nvd