CVE-2026-10823
Unauthenticated Post Content Exposure in YMC Filter WordPress Plugin

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: WPScan

Description
The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: ymc
Product: smart_filter
Version / Range: up to 3.11.3 (exclusive)
CWE ID: CWE-UNKNOWN
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-10823 vulnerability affects the YMC Smart Filter WordPress plugin versions prior to 3.11.3. It occurs because the plugin does not properly authorize access to one of its REST API endpoints and fails to validate a user-supplied query parameter.

This flaw allows unauthenticated attackers to send specially crafted requests to the public filter REST endpoint, using parameters such as "post_status":"private" or "post_status":"draft", to retrieve the titles and content of private, draft, and other non-public posts.

Impact Analysis

This vulnerability can lead to sensitive data disclosure by allowing unauthorized users to access private and draft content that should not be publicly available.

Attackers can exploit this flaw to obtain confidential information stored in non-public posts, potentially leading to data breaches, loss of privacy, and damage to reputation.

Detection Guidance

This vulnerability can be detected by sending crafted requests to the vulnerable REST API endpoint of the YMC Smart Filter WordPress plugin to check if private or draft posts can be accessed without authentication.

A typical detection command would involve using curl or similar HTTP clients to send a request with parameters like "post_status=private" or "post_status=draft" to the public filter REST endpoint and observing if non-public post titles or content are returned.

  • curl -X GET "https://yourwordpresssite.com/wp-json/ymc-smart-filter/v1/filter?post_status=private"
  • curl -X GET "https://yourwordpresssite.com/wp-json/ymc-smart-filter/v1/filter?post_status=draft"

If these requests return the titles or content of private or draft posts without any authentication, the installation is vulnerable.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to update the YMC Smart Filter WordPress plugin to version 3.11.3 or later, where the issue has been fixed.

Until the update can be applied, consider restricting access to the vulnerable REST API endpoint by implementing authentication or firewall rules to block unauthenticated requests to the endpoint.

Additionally, monitor your logs for suspicious requests targeting the REST API filter endpoint with parameters like "post_status=private" or "post_status=draft".
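As an added example (not from the advisory, WPScan or the plugin), a small Python scanner over constructed access-log lines that flags requests to the filter route carrying a post_status other than publish; the route path is assumed from the curl commands in the detection guidance above and should be adjusted to whatever route the installed plugin registers.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Route of the public filter endpoint, taken from the guidance above
# (assumed; adjust to the route the installed plugin actually registers).
FILTER_ROUTE = "/wp-json/ymc-smart-filter/v1/filter"
# The only post_status an unauthenticated caller legitimately needs.
PUBLIC_STATUSES = {"publish"}

# Apache/nginx "combined" format: client, timestamp, request line, status, size.
_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) '
    r'(?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def suspicious_statuses(target: str) -> list[str]:
    """Non-public post_status values requested on the filter route ([] = clean)."""
    parts = urlsplit(target)
    # Compare the decoded path so %2F-style encoding does not hide the route.
    if unquote(parts.path).rstrip("/") != FILTER_ROUTE:
        return []
    found = []
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        if key.rstrip("[]") != "post_status":  # also catches post_status[]=draft
            continue
        for value in values:
            for status in value.split(","):  # comma-separated lists, WP_Query style
                s = status.strip().lower()
                if s and s not in PUBLIC_STATUSES:
                    found.append(s)
    return found

def scan_log(lines):
    """Yield (ip, timestamp, http_status, statuses) for each matching request.

    Non-200 responses are kept too: they still record probing of the route.
    """
    for line in lines:
        m = _LOG_RE.match(line)
        if m and (statuses := suspicious_statuses(m["target"])):
            yield (m["ip"], m["ts"], int(m["status"]), statuses)

# Constructed sample lines (not real traffic; RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Jun/2026:10:01:02 +0000] "GET /wp-json/ymc-smart-filter/v1/filter?post_status=private HTTP/1.1" 200 8421 "-" "curl/8.0"',
    '203.0.113.5 - - [26/Jun/2026:10:01:03 +0000] "GET /wp-json/ymc-smart-filter/v1/filter?post_status%5B%5D=draft&per_page=100 HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '198.51.100.7 - - [26/Jun/2026:10:02:10 +0000] "GET /wp-json/ymc-smart-filter/v1/filter?post_status=publish&cat=3 HTTP/1.1" 200 2311 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [26/Jun/2026:10:03:00 +0000] "GET /wp-json/wp/v2/posts?status=draft HTTP/1.1" 401 97 "-" "Mozilla/5.0"',
]
```

Run `scan_log` over the web server's access log; because request bodies are not written to access logs, a JSON-body variant of the same request (the `"post_status":"private"` form mentioned above) needs WAF or application-level request logging to be visible.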

Compliance Impact

This vulnerability allows unauthenticated attackers to access private, draft, and other non-public posts, leading to sensitive data disclosure.

Such unauthorized disclosure of sensitive or private information can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require proper access controls and protection of personal or sensitive data.
