
Ryoma Yamada

#21531 of 53,635
11.2 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2025-8669
7.1
2025-02-26
WordPress · Simple:Press Forum · CVE-2024-10483
**Name of the Vulnerable Software and Affected Versions** The Simple:Press Forum WordPress plugin versions prior to 6.10.11

**Description** The issue is a Reflected Cross-Site Scripting problem. It occurs because a `parameter` is not properly sanitised and escaped before being output back in the page.

**Recommendations** For versions prior to 6.10.11, update to version 6.10.11 or later to resolve the issue. As a temporary workaround, consider restricting the output of unsanitised parameters to minimize the risk of exploitation.
PT-2024-39870
4.1
2024-11-21
WordPress · Taskbuilder · CVE-2024-9828
**Name of the Vulnerable Software and Affected Versions** The Taskbuilder WordPress plugin versions prior to 3.0.5

**Description** The issue allows high privilege users, such as admins, to perform SQL Injection attacks due to the lack of sanitization of user input into the `load orders` parameter, which is then used in a SQL statement.

**Recommendations** For versions prior to 3.0.5, update to version 3.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the `load orders` parameter to minimize the risk of exploitation.