CVE-2019-14695: SQL Injection
First published: Tue Aug 06 2019(Updated: )
A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sygnoos Popup Builder | <3.45 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-14695?
CVE-2019-14695 is a SQL injection vulnerability in the Sygnoos Popup Builder plugin before version 3.45 for WordPress.
How does the SQL injection vulnerability in Sygnoos Popup Builder plugin work?
The SQL injection vulnerability in Sygnoos Popup Builder plugin allows a remote attacker to execute arbitrary SQL commands via com/libs/Table.php.
What is the severity of CVE-2019-14695?
CVE-2019-14695 has a severity rating of 9.8 (Critical).
How can I fix the SQL injection vulnerability in Sygnoos Popup Builder plugin?
Update to version 3.45 or newer of the Sygnoos Popup Builder plugin for WordPress.
Where can I find more information about CVE-2019-14695?
You can find more information about CVE-2019-14695 at the following references: [FortiGuard](https://fortiguard.com/zeroday/FG-VD-19-102), [WordPress Plugin Directory](https://wordpress.org/plugins/popup-builder/#developers), [WPScan Vulnerability Database](https://wpvulndb.com/vulnerabilities/9495).
- collector/nvd-index
- vendor/sygnoos
- canonical/sygnoos popup builder