CyberSec.Space Logo
Back to CVE Browser

CVE-2019-14695

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0890%
EPSS Percentile20.28th
PublishedAug 6, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A SQL injection vulnerability exists in the Sygnoos Popup Builder plugin before 3.45 for WordPress. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system via com/libs/Table.php because Subscribers Table ordering is mishandled.

Affected Platforms (CPE)

πŸ“¦
Sygnoos

Popup Builder

< 3.45

References & Advisories

πŸ”— https://fortiguard.com/zeroday/FG-VD-19-102
πŸ”— https://wordpress.org/plugins/popup-builder/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/9495
πŸ”— https://fortiguard.com/zeroday/FG-VD-19-102
πŸ”— https://wordpress.org/plugins/popup-builder/#developers
πŸ”— https://wpvulndb.com/vulnerabilities/9495

Related Vulnerabilities

CVE-2020-90069.8

The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulnerable to SQL injection (in the sgImportPopups function in sg_...

CVE-2021-250828.8

The Popup Builder WordPress plugin before 4.0.7 does not validate and sanitise the sgpb_type parameter before using it in a requir...

CVE-2020-101956.3

The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modification, leading to in-scope ...

CVE-2020-101966.1

An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers to inject arbitrary JavaScrip...