Because of these vulnerabilities in fs-admin/fs-admin.php, the authenticated users can execute arbitrary SQL commands via the “usergroup” parameter in an add_user_togroup action or “add_forum_group_id” parameter in an add_forum_submit action.
Update the plugin.