wpfc_qtip_content
AJAX action, which makes it possible for authenticated attackers with a role as low as subscriber to extract sensitive data including post content of a draft, private or password-protected post. WP FullCalendar by Pixelite <= 1.4.1 - Missing Authorization to Unauthenticated Sensitive Data Disclosure
REPORT ID: 39257d15-6be4-437e-be5b-303707f071d2
The plugin contains a Missing Authorization vulnerability due to a missing capability check in the
You need to log in to view the vulnerability details.