Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Unauthenticated network REST request (AV:N/AC:L/PR:N/UI:N) discloses non-public post content (C:H) with no integrity or availability impact (I:N/A:N).
Primary rating from Vendor (WPScan).
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts.
Articles & Coverage 1
AnalysisAI
Information disclosure in the YMC Filter WordPress plugin before 3.11.3 lets unauthenticated remote attackers read the titles and content of private, draft, and other non-public posts by abusing a REST API endpoint that lacks proper authorization and fails to validate a user-supplied query parameter. WPScan reported the flaw, a public exploit exists, and a vendor patch is available; the CVSS 3.1 score is 7.5 reflecting high confidentiality impact with no integrity or availability effect.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires only that the vulnerable YMC Filter plugin (version below 3.11.3) be installed and active on an internet-reachable WordPress site with its REST API accessible; per the CVSS vector AV:N/AC:L/PR:N/UI:N there is no authentication, no user interaction, and no special non-default configuration required - the specific prerequisite is reaching the plugin's unauthorized REST endpoint and supplying the unvalidated query parameter. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N is internally consistent with the description: network-reachable, low-complexity, no privileges, no user interaction, and confidentiality-only impact (no data modification or denial of service), yielding 7.5 (High). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker enumerates a WordPress site, identifies the YMC Filter plugin, and sends a crafted unauthenticated request to its REST API endpoint with a manipulated query parameter. Because a public exploit exists and no authentication or user interaction is required, the attacker scripts the request to retrieve the titles and bodies of private and draft posts - for example harvesting embargoed announcements, unpublished articles, or internal content - across many sites at scale. |
| Remediation | Vendor-released patch: upgrade the YMC Filter plugin to version 3.11.3 or later, which is the primary and recommended fix; consult the WPScan advisory at https://wpscan.com/vulnerability/b55ebf9e-a05d-4ae4-b653-da7db63e76d2/ for confirmation. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all WordPress installations using the YMC Filter plugin and document current versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Ymc Filter
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39624
GHSA-cxq8-qm2q-phgj