Strix
26.1K

CVE-2026-10823

HIGHCVSS 7.5/10EPSS 0.15%

Last modified

CVE-2026-10823 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.. EPSS estimates a 0.15% chance of exploitation in the next 30 days.

Description

The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.

Metrics

CVSS 3.1
7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Probability
0.15%

4.2th percentile

Probability of exploitation in the next 30 days. Learn more

References

Timeline

Published
Last Modified
Status
Deferred

Frequently Asked Questions

What is CVE-2026-10823?
The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.
How severe is CVE-2026-10823?
CVE-2026-10823 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 0.15% probability of exploitation in the next 30 days.
How do I fix CVE-2026-10823?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-10823?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST