Product
A time-based blind SQL Injection vulnerability exists in the My Calendar - Accessible Event Manager plugin for WordPress, affecting all versions up to and including 3.7.8. This flaw, located in the 'mc_auth' parameter, stems from insufficient input sanitization and improper SQL query preparation, allowing unauthenticated attackers to inject additional SQL queries to extract sensitive information from the underlying database.