Sefrengo · Sefrengo · CVE-2015-1428
**Name of the Vulnerable Software and Affected Versions**
Sefrengo versions prior to 1.6.2
**Description**
Sefrengo before 1.6.2 contains multiple SQL injection vulnerabilities in `backend/main.php`. Unauthenticated remote attackers can inject arbitrary SQL through the `sefrengo` cookie sent with a backend login, and authenticated backend users can inject arbitrary SQL through the `value id` parameter of the "save value" action. In both cases the attacker-controlled input is placed into the SQL text of a database query rather than passed as a bound parameter, so the attacker controls part of the statement the database executes.
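The two injection patterns described above, as an added example that is not Sefrengo's code: a small Python/sqlite3 model with a constructed schema (the `sessions` and `cms_values` tables, their columns and the sample rows are assumptions made for the demonstration). Each vector is shown as the string-concatenated query it abuses beside a parameterised replacement, with constructed attacker inputs for the cookie and the id parameter.

```python
import sqlite3

# Constructed in-memory sample data for this demonstration only; it is not
# Sefrengo's real schema and every table/column name here is an assumption.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE sessions (sid TEXT PRIMARY KEY, username TEXT, is_admin INTEGER);
        INSERT INTO sessions VALUES ('a1b2c3', 'editor', 0);
        INSERT INTO sessions VALUES ('deadbeef', 'admin', 1);
        CREATE TABLE cms_values (value_id INTEGER PRIMARY KEY, content TEXT);
        INSERT INTO cms_values VALUES (1, 'first');
        INSERT INTO cms_values VALUES (2, 'second');
    """)
    return conn


# --- Vector 1: session cookie checked during backend login (pre-auth) ---

def lookup_session_vulnerable(conn, cookie_value):
    """The raw cookie is spliced into the SQL text: a quote in the cookie
    ends the string literal and the rest becomes SQL."""
    sql = "SELECT username, is_admin FROM sessions WHERE sid = '" + cookie_value + "'"
    return conn.execute(sql).fetchall()


def lookup_session_safe(conn, cookie_value):
    """Hardened form: the cookie travels as a bound parameter, never as SQL,
    so quotes and comment markers inside it are just characters."""
    sql = "SELECT username, is_admin FROM sessions WHERE sid = ?"
    return conn.execute(sql, (cookie_value,)).fetchall()


# --- Vector 2: id parameter of a "save" action (authenticated user) ---

def save_value_vulnerable(conn, value_id, content):
    """The id looks numeric, so it is concatenated unquoted; a value such as
    '1 OR 1=1' widens the WHERE clause to every row. Returns rows changed."""
    sql = "UPDATE cms_values SET content = ? WHERE value_id = " + str(value_id)
    cur = conn.execute(sql, (content,))
    conn.commit()
    return cur.rowcount


def save_value_safe(conn, value_id, content):
    """Hardened form: coerce the id to int (anything that is not a plain
    integer raises ValueError before touching the DB) and bind it."""
    vid = int(value_id)
    cur = conn.execute(
        "UPDATE cms_values SET content = ? WHERE value_id = ?", (content, vid)
    )
    conn.commit()
    return cur.rowcount


# Constructed attacker inputs: a cookie that closes the quoted literal and
# appends a tautology, and an id that appends a tautology unquoted.
EVIL_COOKIE = "x' OR is_admin=1 -- "
EVIL_VALUE_ID = "1 OR 1=1"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable cookie lookup:", lookup_session_vulnerable(db, EVIL_COOKIE))
    print("safe cookie lookup:      ", lookup_session_safe(db, EVIL_COOKIE))
    print("vulnerable save touched", save_value_vulnerable(db, EVIL_VALUE_ID, "pwned"), "rows")
    try:
        save_value_safe(db, EVIL_VALUE_ID, "pwned")
    except ValueError as exc:
        print("safe save rejected id:", exc)
```

The cookie vector matters most operationally: the vulnerable lookup returns the admin session row for a cookie the attacker simply made up, with no credentials involved, while the bound-parameter version returns nothing for the same input. For the id vector, binding alone would also stop the injection, but coercing to `int` additionally rejects the malformed value outright, which is the behaviour you want for an identifier.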
**Recommendations**
Update to Sefrengo 1.6.2 or later; only the upgrade removes the injectable queries. Until the upgrade is deployed, restrict access to the `backend/` directory (including `backend/main.php`) to trusted addresses at the web server or firewall: the cookie vector needs no valid account and is reachable by anyone who can load the backend login page, so restricting who can reach that page is the only workaround an operator can apply without changing code. Filtering the `sefrengo` cookie and the `value id` parameter in front of the application (for example with a WAF rule) can reduce exposure but is not a substitute for the fix.