cleantalk
Vulnerabilities and Security Researches

WP FullCalendar, CVE-2026-22351

CVE, Research URL

CVE-2026-22351

Home page URL

Security reports for WP FullCalendar

Application

WP FullCalendar

Published on
Feb 20, 2026
Research Description
Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar: from n/a through <= 1.6.
Affected versions
max 1.6.
Status
vulnerable
Previous vulnerability researches
Travelfic Toolkit (CVE-2026-24940) , Feb 27, 2026
Travelfic Toolkit (CVE-2025-39585) , Apr 18, 2025
New vulnerability
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026
Bold Page Builder (CVE-2025-12159) , Feb 28, 2026