Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.5
WP FullCalendar allows unauthorized access to events
CVE-2026-22351
Summary
Some events in WP FullCalendar may be visible to users who shouldn't see them. This is because the security settings weren't properly configured. To fix this, update to the latest version of WP FullCalendar, as the issue has been addressed in version 1.7.
Original title
Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalenda...
Original description
Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar: from n/a through <= 1.6.
nvd CVSS3.1
6.5
Vulnerability type
CWE-862
Missing Authorization
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026