cleantalk
Vulnerabilities and Security Researches

WP FullCalendar, CVE-2026-22351

CVE, Research URL

CVE-2026-22351

Home page URL

Security reports for WP FullCalendar

Application

WP FullCalendar

Published on
Feb 20, 2026
Research Description
Missing Authorization vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP FullCalendar: from n/a through <= 1.6.
Affected versions
max 1.6.
Status
vulnerable
Previous vulnerability researches
WP FullCalendar (CVE-2025-22261) , Jan 08, 2025
WP FullCalendar (CVE-2022-3891) , Jun 07, 2024
WP FullCalendar (CVE-2026-24523) , Jan 28, 2026
WP FullCalendar (CVE-2026-22351) , Feb 28, 2026
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026