CVE-2026-40308 | joedolson my-calendar up to 3.7.6 on WordPress mc_ajax_mcjs_action AJAX Endpoint parse_str authorization (GHSA-2mvx-f5qm-v2ch)

A vulnerability classified as critical was found in joedolson my-calendar up to 3.7.6 on WordPress. This issue affects the function parse_str of the component mc_ajax_mcjs_action AJAX Endpoint. The manipulation results in authorization bypass.

This vulnerability is identified as CVE-2026-40308. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More