CVE-2026-24523

Publication date

2026-01-23 14:28:48

Family

Patchstack

State

PUBLISHED

Description

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Marcus (aka @msykes) WP FullCalendar wp-fullcalendar allows Retrieve Embedded Sensitive Data.This issue affects WP FullCalendar: from n/a through <= 1.6.