Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:20 a.m.13 views

CVE-2022-3891

The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected...

5.3CVSS6.8AI score0.00694EPSS
Exploits2References1
OSV
OSV
added 2023/02/13 3:15 p.m.2 views

CVE-2022-3891

The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected...

5.3CVSS5.9AI score
Exploits0References1
CVE
CVE
added 2023/02/13 2:32 p.m.55 views

CVE-2022-3891

The CVE-2022-3891 entry concerns the WP FullCalendar WordPress plugin (pre-1.5). The vulnerability arises from insufficient access control on an AJAX endpoint, allowing unauthenticated attackers to retrieve content from arbitrary posts, including draft, private, or password-protected ones. Impact...

5.3CVSS5.3AI score0.00694EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/01/17 12:0 a.m.16 views

WordPress WP FullCalendar Plugin <= 1.4.1 is vulnerable to Broken Access Control

Software WP FullCalendar Type Plugin Vulnerable versions = 1.4.1 Fixed in 1.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2022-3891 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID ab1743664bc8 Credits Lana Codes Required...

5.3CVSS6.5AI score0.00694EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder