WordPress · Slide Anything · CVE-2022-2413
**Name of the Vulnerable Software and Affected Versions**
Slide Anything WordPress plugin versions prior to 2.3.47
**Description**
The issue arises from improper sanitization or escaping of the slide title before it is output in the admin pages. This allows a logged-in user with a role as low as Author to inject a JavaScript payload into the slide title, even when the `unfiltered_html` capability is disabled.
**Recommendations**
For versions prior to 2.3.47, update to version 2.3.47 or later to resolve the issue. As a temporary workaround, consider restricting the ability to edit slide titles to higher roles until the update can be applied.
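
A triage check for the recommendation above, as an added example that is not part of the advisory or the plugin's own code: it reads the `Version:` line from a plugin main-file header and compares it numerically against 2.3.47. The function names and sample headers are constructed for illustration.

```python
import re

FIXED_VERSION = "2.3.47"  # first fixed release named in the advisory

# WordPress takes a plugin's version from the "Version:" line in the header
# comment of its main PHP file.
_VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.I | re.M)

# Constructed sample headers (not copied from the real plugin).
SAMPLE_OLD = "<?php\n/**\n * Plugin Name: Slide Anything\n * Version: 2.3.5\n */\n"
SAMPLE_FIXED = "<?php\n/**\n * Plugin Name: Slide Anything\n * Version: 2.3.47\n */\n"


def header_version(php_source):
    """Return the raw version string from a plugin header, or None."""
    match = _VERSION_RE.search(php_source)
    return match.group(1) if match else None


def parse_version(text):
    """Turn '2.3.5' into (2, 3, 5); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))


def _pad(version, width):
    """Right-pad with zeros so that 2.4 compares as 2.4.0."""
    return version + (0,) * (width - len(version))


def is_affected(php_source, fixed=FIXED_VERSION):
    """True if older than the fix, False if not, None if undeterminable."""
    raw = header_version(php_source)
    if raw is None:
        return None
    try:
        installed = parse_version(raw)
    except ValueError:
        return None  # e.g. a suffixed build; needs manual review
    target = parse_version(fixed)
    width = max(len(installed), len(target))
    # Compare as integer tuples: as plain strings, "2.3.5" sorts after "2.3.47".
    return _pad(installed, width) < _pad(target, width)


if __name__ == "__main__":
    for name, src in (("old", SAMPLE_OLD), ("fixed", SAMPLE_FIXED)):
        print(name, header_version(src), "affected:", is_affected(src))
```

A `None` result means the version could not be read or parsed, so that install should be checked by hand rather than treated as patched.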