A critical security flaw in the Modular DS WordPress plugin has been actively exploited, allowing attackers to escalate privileges to administrator level. Users are urged to update to version 2.5.2 to patch the vulnerability. #CVE-2026-23550 #ModularDS #WordPressSecurity
Keypoints
- The vulnerability CVE-2026-23550 affects all versions of the Modular DS plugin prior to 2.5.2.
- It allows unauthenticated attackers to bypass security and gain administrator access through routing flaws.
- Exploits involve bypassing authentication mechanisms by manipulating request parameters like "origin" and "type".
- The flaw exposes sensitive routes, including login, server info, management, and backups, increasing the risk of full site compromise.
- Active attacks started appearing on January 13, 2026, with attackers attempting to create admin users remotely.
Read More: https://thehackernews.com/2026/01/critical-wordpress-modular-ds-plugin.html