CVE-2019-14695

Name of the Vulnerable Software and Affected Versions Sygnoos Popup Builder plugin versions prior to 3.45

Description A SQL injection issue exists due to the mishandling of Subscribers Table ordering in com/libs/Table.php, allowing a remote attacker to execute arbitrary SQL commands on the affected system.

Recommendations For versions prior to 3.45, update to version 3.45 or later to resolve the issue. As a temporary workaround, consider restricting access to the com/libs/Table.php file until a patch is applied. Avoid using the Subscribers Table ordering feature in the affected plugin until the issue is resolved.