CVE Catalog

CVE-2026-10823

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.15%

4th percentile — higher than 4% of all known CVEs

Summary

The YMC Filter WordPress plugin before version 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.

Risk Assessment

The organization is at risk of leaking confidential content such as draft articles, private posts, or other unpublished data, which may lead to a breach of confidentiality and loss of information control.

Recommendation

Immediately update the YMC Filter plugin to version 3.11.3 or later, which includes fixes for authorization and parameter validation.

Original NVD description (English source)

The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS