Perceptive Security
SOC/SIEM Consultancy
Hackers exploit Modular DS WordPress plugin flaw for admin access
Published:
15 January 2026 at 20:49:50
Alert date:
15 January 2026 at 22:02:37
Source:
bleepingcomputer.com
Web Technologies, Zero-Day Vulnerabilities, Identity & Access
Hackers are actively exploiting a maximum severity flaw in the Modular DS WordPress plugin that allows remote authentication bypass and admin-level access to vulnerable sites. The vulnerability is being exploited in the wild to gain administrative privileges on WordPress websites running the affected plugin.
Technical details
CVE-2026-23550 is caused by design and implementation flaws including accepting requests as trusted when 'direct request' mode is activated without cryptographic verification of origin. The vulnerability exposes sensitive routes and activates automatic admin login fallback mechanism. In AuthController.php method getLogin(), when no specific user ID is provided in request body, the plugin fetches existing admin or super admin user and automatically logs in as that user. The flaw allows unauthenticated users to access privileged functionality and achieve immediate privilege escalation to admin-level access.
Mitigation steps:
Upgrade Modular DS to version 2.5.2 or later immediately. Review server access logs for suspicious requests. Check admin users for rogue additions. Regenerate all WordPress salts after updating to the most recent version.
Affected products:
Modular DS WordPress plugin versions 2.5.1 and older
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-23550
https://help.modulards.com/en/article/modular-ds-security-release-modular-connector-252-dm3mv0/
https://patchstack.com/articles/critical-privilege-escalation-vulnerability-in-modular-ds-plugin-affecting-40k-sites-exploited-in-the-wild/
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.