Mostafa

**Name of the Vulnerable Software and Affected Versions** Slider Revolution versions prior to 7.1.0 **Description** The Slider Revolution plugin for WordPress allows unauthenticated attackers to extract sensitive data, including published password-protected post, page, and product content. This occurs through the 'sliders/stream' endpoint via the `get stream data()` function. **Recommendations** Update to a version later than 7.0.9. As a temporary workaround, restrict access to the `get stream data()` function.

**Name of the Vulnerable Software and Affected Versions** Ovidentia version 6.6.5 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the `field` parameter in a search action. **Recommendations** For Ovidentia version 6.6.5, consider restricting access to the search action or sanitizing input for the `field` parameter to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.