Channchan

**Name of the Vulnerable Software and Affected Versions** WordPress Newsletter Plugin version 1.6.4 and earlier **Description** The issue is related to an open redirect problem. It occurs because the `to` parameter is not validated before redirecting the user to its given value. **Recommendations** For WordPress Newsletter Plugin version 1.6.4 and earlier, update to version 1.6.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Asgaros Forum WordPress plugin versions prior to 1.15.15 **Description** The issue arises from the lack of validation or escaping of the `forum id` parameter before its use in a SQL statement when editing a forum, leading to an SQL injection issue. **Recommendations** For versions prior to 1.15.15, update to version 1.15.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the forum editing functionality to minimize the risk of exploitation.