Unauthenticated Privilege Escalation in WordPress Modular DS Plugin Exploited in the Wild
Summary
A critical vulnerability (CVE-2026-23550, CVSS 10.0) in the WordPress Modular DS plugin, affecting versions up to 2.5.1, is being actively exploited to gain admin access. The flaw allows unauthenticated attackers to bypass authentication and escalate privileges, potentially leading to full site compromise. The issue stems from a combination of design choices, including permissive direct request handling and weak authentication mechanisms. The vulnerability was patched in version 2.5.2, and attacks were first detected on January 13, 2026, originating from specific IP addresses. Users are urged to update immediately to mitigate the risk.
Timeline
- 15.01.2026 17:31
Active Exploitation of CVE-2026-23550 in WordPress Modular DS Plugin
On January 13, 2026, attacks exploiting CVE-2026-23550 in the WordPress Modular DS plugin were first detected. The vulnerability allows unauthenticated attackers to bypass authentication and gain admin access, potentially leading to full site compromise. The flaw has been patched in version 2.5.2, and users are urged to update immediately.
Sources:
- Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access — thehackernews.com — 15.01.2026 17:31
Information Snippets
- The vulnerability, CVE-2026-23550, affects all versions of the Modular DS plugin prior to 2.5.2.
  First reported: 15.01.2026 17:31
- The flaw allows unauthenticated privilege escalation by bypassing authentication mechanisms.
  First reported: 15.01.2026 17:31
- The issue is rooted in the plugin's routing mechanism, which can be bypassed by manipulating the 'origin' and 'type' parameters.
  First reported: 15.01.2026 17:31
- Exploits have been detected since January 13, 2026, with attacks originating from IP addresses 45.11.89[.]19 and 185.196.0[.]11.
  First reported: 15.01.2026 17:31
- The vulnerability enables attackers to perform actions such as remote login and obtaining sensitive system or user data.
  First reported: 15.01.2026 17:31