← Back

Wp Fullcalendar

wp_fullcalendar

Vendor: Pixelite • 1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-3891
1Pixelite
1Wp Fullcalendar
Mar 21, 2025
Feb 13, 2023
N/A· v4
5.3 MEDIUM· v3
N/A· v2
The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the conte...Show more
The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones.Show less