CVE-2026-10823
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk4th percentile — higher than 4% of all known CVEs
Summary
The YMC Filter WordPress plugin before version 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.
Risk Assessment
The organization is at risk of leaking confidential content such as draft articles, private posts, or other unpublished data, which may lead to a breach of confidentiality and loss of information control.
Recommendation
Immediately update the YMC Filter plugin to version 3.11.3 or later, which includes fixes for authorization and parameter validation.
Original NVD description (English source)
The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.

