cleantalk
Vulnerabilities and Security Researches

WP FullCalendar, CVE-2026-24523

CVE, Research URL

CVE-2026-24523

Home page URL

Security reports for WP FullCalendar

Application

WP FullCalendar

Published on
Jan 23, 2026
Research Description
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <= 1.6.
Affected versions
max 1.6.
Status
vulnerable
Previous vulnerability researches
WP FullCalendar (CVE-2025-22261) , Jan 08, 2025
WP FullCalendar (CVE-2022-3891) , Jun 07, 2024
WP FullCalendar (CVE-2026-24523) , Jan 28, 2026
WP FullCalendar (CVE-2026-22351) , Feb 28, 2026
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026