Description
The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.
Published: 2026-06-26
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The YMC Filter WordPress plugin before version 3.11.3 contains an authorization flaw that allows access to a REST API endpoint without authentication. The endpoint accepts a user-supplied query parameter that is not validated, permitting unauthenticated retrieval of titles and raw content for posts that are normally private, in draft status, or otherwise not publicly accessible. This results in a direct confidentiality breach of non-public content.

Affected Systems

The vulnerability affects the YMC Filter WordPress plugin, specifically versions released prior to 3.11.3. Site owners and administrators running any earlier release of this plugin are affected regardless of hosting environment, because the flaw lies in the plugin code rather than in server configuration.

Risk and Exploitability

An EPSS score of < 1% indicates a very low but non-zero probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Because the endpoint is unauthenticated, anyone who can reach the WordPress site can potentially enumerate private or draft posts. Although exploitation requires no privileges and yields no code execution, it compromises the confidentiality of content that should remain hidden from the public. The CVSS score of 7.5 still indicates high severity.

Generated by OpenCVE AI on June 26, 2026 at 15:07 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the YMC Filter plugin to version 3.11.3 or later, which removes the unauthenticated access flaw
  • If an upgrade is not feasible, deactivate or uninstall the YMC Filter plugin to eliminate the vulnerable endpoint
  • Configure a firewall or WordPress REST API settings to block unauthenticated requests to the YMC Filter endpoints

Generated by OpenCVE AI on June 26, 2026 at 15:07 UTC.
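The flaw class named in the description (a REST endpoint reachable without authentication whose query parameter is not validated, CWE-284) and the third recommended action (blocking unauthenticated requests to the plugin's endpoints) can both be shown in WordPress plugin code. The following is an added example written for this page; it is not the YMC Filter plugin's code or its fix. The namespace `example-filter/v1`, the route `/posts`, the `post_status` parameter and every `example_` function name are placeholders, since the plugin's real endpoint and parameter names are not given here.

```php
<?php
/**
 * Added illustration (mu-plugin style), not the YMC Filter plugin's code.
 * 'example-filter/v1', '/posts' and 'post_status' are placeholders for the
 * real endpoint, which is not identified on this page.
 */

/* --- Anti-pattern of the class described in the advisory (CWE-284) ------
 * permission_callback admits everyone, and 'post_status' reaches WP_Query
 * unchecked, so an anonymous request for 'private' or 'draft' is honoured. */
function example_register_insecure_route() {
    register_rest_route( 'example-filter/v1', '/posts', array(
        'methods'             => WP_REST_Server::READABLE,
        'permission_callback' => '__return_true',
        'callback'            => function ( WP_REST_Request $request ) {
            $query = new WP_Query( array(
                'post_status' => $request->get_param( 'post_status' ),
            ) );
            return array_map( 'example_serialize_post', $query->posts );
        },
    ) );
}

/* --- Hardened form ------------------------------------------------------
 * 1. The args schema restricts 'post_status' to an allow-list.
 * 2. permission_callback maps each non-public status to the capability
 *    WordPress itself requires for reading it.
 * 3. The handler re-checks the capability and falls back to 'publish'. */
function example_can_read_status( $status ) {
    switch ( $status ) {
        case 'publish': return true;
        case 'private': return current_user_can( 'read_private_posts' );
        case 'draft':   return current_user_can( 'edit_others_posts' );
        default:        return false;
    }
}

function example_register_hardened_route() {
    register_rest_route( 'example-filter/v1', '/posts', array(
        'methods'             => WP_REST_Server::READABLE,
        'args'                => array(
            'post_status' => array(
                'type'              => 'string',
                'default'           => 'publish',
                'enum'              => array( 'publish', 'private', 'draft' ),
                'sanitize_callback' => 'sanitize_key',
            ),
        ),
        'permission_callback' => function ( WP_REST_Request $request ) {
            if ( example_can_read_status( $request->get_param( 'post_status' ) ) ) {
                return true;
            }
            return new WP_Error(
                'rest_forbidden',
                'You are not allowed to read posts with this status.',
                array( 'status' => rest_authorization_required_code() )
            );
        },
        'callback'            => function ( WP_REST_Request $request ) {
            $status = $request->get_param( 'post_status' );
            if ( ! example_can_read_status( $status ) ) {
                $status = 'publish'; // defence in depth, never trust the request alone
            }
            $query = new WP_Query( array(
                'post_type'   => 'post',
                'post_status' => $status,
            ) );
            return array_map( 'example_serialize_post', $query->posts );
        },
    ) );
}

function example_serialize_post( WP_Post $post ) {
    return array(
        'id'      => $post->ID,
        'title'   => get_the_title( $post ),
        'content' => apply_filters( 'the_content', $post->post_content ),
    );
}
add_action( 'rest_api_init', 'example_register_hardened_route' );

/* --- Site-level stopgap (third recommended action) ----------------------
 * Until the plugin is updated, reject anonymous requests to its REST
 * namespace before any endpoint callback runs. Replace the placeholder
 * prefix with the affected plugin's real namespace. */
add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    if ( null !== $result ) {
        return $result; // another filter has already produced a response
    }
    if ( 0 === strpos( $request->get_route(), '/example-filter/v1/' ) && ! is_user_logged_in() ) {
        return new WP_Error(
            'rest_not_logged_in',
            'Authentication is required for this endpoint.',
            array( 'status' => 401 )
        );
    }
    return $result;
}, 10, 3 );
```

The `rest_pre_dispatch` filter runs before the matched endpoint's own `permission_callback`, so it fences off a whole namespace without touching the plugin; the same prefix match can be expressed as a WAF or reverse-proxy rule on `/wp-json/<namespace>/` if blocking at the edge is preferred. The hardened route keeps public posts readable anonymously and only adds a capability check for the statuses that are non-public, which is the least-privilege shape a fix for this flaw class should take.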

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Fri, 26 Jun 2026 08:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Fri, 26 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
Description The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.
Title YMC Smart Filter < 3.11.3 - Unauthenticated Private/Draft Post Disclosure
References

MITRE

Status: PUBLISHED

Assigner: WPScan

Published:

Updated: 2026-06-26T12:17:10.420Z

Reserved: 2026-06-04T08:04:38.962Z

Link: CVE-2026-10823

Vulnrichment

Updated: 2026-06-26T12:16:59.788Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-26T15:15:02Z

Weaknesses