[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fIcLNcAsUy2T3IhpJ63uioxLGI49itD4dfFveUg6Zhww":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2022-3891","wp-fullcalendar-missing-authorization-to-information-disclosure","WP FullCalendar \u003C= 1.4.1 - Missing Authorization to Information Disclosure","The WP FullCalendar plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to view arbitrary posts and pages regardless of password protection and whether they are private.","wp-fullcalendar",null,"\u003C=1.4.1","1.5","medium",6.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Missing Authorization","2023-01-17 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F27d25885-1a85-40a0-9759-3ae0c8d73d11?source=api-prod",371]