CVE-2026-10823

UNKNOWN 0.0

YMC Smart Filter < 3.11.3 - Unauthenticated Private/Draft Post Disclosure

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.

Vendor	unknown
Product	ymc filter
Published	Jun 26, 2026

Stay Ahead of the Next One

Get instant alerts for unknown ymc filter

Be the first to know when new unknown vulnerabilities affecting unknown ymc filter are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Unknown / YMC Filter

0 < 3.11.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wpscan.com: https://wpscan.com/vulnerability/b55ebf9e-a05d-4ae4-b653-da7db63e76d2/

Credits

Ahmed Hashim Ismael WPScan