CVE-2022-3891

Name of the Vulnerable Software and Affected Versions WP FullCalendar WordPress plugin versions prior to 1.5

Description The issue allows unauthenticated attackers to access the content of arbitrary posts, including draft, private, and password-protected ones, due to insufficient checks on posts retrieved via an AJAX action.

Recommendations For WP FullCalendar WordPress plugin versions prior to 1.5, update to version 1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX endpoint used for post retrieval until the update is applied.