WordPress Branda – White Label & Branding, Custom Login Page Customizer plugin <= 3.4.19 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Branda versions = 3.4.21...

My Calendar < 3.4.22 - Unauthenticated SQL Injection

Description The My Calendar plugin for WordPress is vulnerable to blind|generic|time-based SQL Injection via the 'from' and 'to' parameters of the '/my-calendar/v1/events' rest route in all versions up to, and including, 3.4.21 due to insufficient escaping on the user supplied parameter and lack ...