CVE-2022-3891
The CVE-2022-3891 entry concerns the WP FullCalendar WordPress plugin (pre-1.5). The vulnerability arises from insufficient access control on an AJAX endpoint, allowing unauthenticated attackers to retrieve content from arbitrary posts, including draft, private, or password-protected ones. Impact...