CVE-2026-22351

Missing Authorization vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar: from n/a through = 1.6...

WordPress WP FullCalendar plugin <= 1.6 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin WP FullCalendar versions = 1.6...

CVE-2026-24523

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through = 1.6...

CVE-2026-24523

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through = 1.6...

CVE-2026-24523

The CVE-2026-24523 entry concerns the WordPress WP FullCalendar plugin (versions up to and including 1.6) where embedded sensitive data is exposed to an unauthorized control sphere. The issue originates from information disclosure that enables retrieval of embedded sensitive data, affecting WP Fu...

CVE-2026-24523 WordPress WP FullCalendar plugin <= 1.6 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through = 1.6...

WordPress plugin WP FullCalendar 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WP FullCalendar, which...

CVE-2025-22261 WordPress WP FullCalendar plugin <= 1.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Marcus aka @msykes WP FullCalendar wp-fullcalendar allows Stored XSS.This issue affects WP FullCalendar: from n/a through = 1.5...

WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access

The plugin does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. PoC Open the below URL as an...