Access Control Flaw in YMC Filter WordPress Plugin by YMC
CVE-2026-10823

Currently unrated

Key Information:

Vendor: WordPress
Status: Ymc Filter
Vendor: CVE Published:; 26 June 2026

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2026-10823?

The YMC Filter WordPress plugin prior to version 3.11.3 suffers from a critical access control vulnerability. It fails to properly authorize requests to a REST API endpoint, allowing unauthorized users to exploit this flaw. Attackers can leverage this vulnerability to access and retrieve the titles and content of private, draft, and other non-public posts, potentially leading to data exposure and privacy violations.

Affected Version(s)

YMC Filter 0 < 3.11.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-10823 - Proof of Concept

References

https://wpscan.com/vulnerability/b55ebf9e-a05d-4ae4-b653-...

exploitvdb-entrytechnical-description

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 26, 2026
👾
Exploit known to exist
Jun 26, 2026
Vulnerability published
Jun 26, 2026
Vulnerability Reserved
Jun 4, 2026

Credit

Ahmed Hashim Ismael

WPScan

CVE-2026-10823 Data

JSON