Skip to main content

Filter Grids EUVDEUVD-2026-11913

| CVE-2026-32397 MEDIUM
Missing Authorization (CWE-862)
2026-03-13 Patchstack
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
EUVD ID Assigned
Mar 13, 2026 - 16:57 euvd
EUVD-2026-11913
Analysis Generated
Mar 13, 2026 - 16:57 vuln.today
CVE Published
Mar 13, 2026 - 11:42 nvd
MEDIUM 5.3

DescriptionCVE.org

Missing Authorization vulnerability in YMC Filter & Grids ymc-smart-filter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filter & Grids: from n/a through <= 3.5.1.

AnalysisAI

YMC Filter & Grids through version 3.5.1 contains an authorization bypass that allows unauthenticated remote attackers to modify data due to improperly configured access controls. The vulnerability affects the smart-filter component and could enable unauthorized alterations to filtered content or grid configurations without requiring user interaction or privileges.

Technical ContextAI

YMC Filter & Grids is a WordPress plugin providing advanced filtering and grid display functionality (CPE: cpe:2.3:a:ymc:filter_and_grids). The vulnerability stems from CWE-862 (Missing Authorization), a class of authorization flaws where the application fails to enforce proper access control checks on sensitive operations. The plugin improperly configures security levels for its smart filter functionality, allowing HTTP requests to reach sensitive endpoints without validating user permissions or authentication tokens. This is a typical authorization bypass in plugin architecture where REST endpoints or AJAX handlers lack capability checks (wp_verify_nonce or current_user_can() in WordPress context), permitting unauthenticated or low-privileged users to execute restricted actions intended only for administrators or authenticated users.

RemediationAI

Immediately upgrade YMC Filter & Grids to the first patched version released after 3.5.1 by visiting the WordPress plugin repository or the vendor's official website. If an immediate upgrade is not possible, implement access control at the web server or WordPress security plugin level by adding capability checks (wp_verify_nonce and current_user_can checks) to all filter endpoints via a custom code snippet or security plugin such as Wordfence or Sucuri. Additionally, restrict direct access to plugin REST endpoints via .htaccess or nginx rules limiting requests to authenticated users only, and consider temporarily disabling the plugin if it is not actively in use until a patch is confirmed and tested in a staging environment.

Share

EUVD-2026-11913 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy