- Patchstack found critical Modular DS flaw (CVE-2026-23550) allowing admin bypass
- Vulnerability scored 10/10 and is already being exploited in the wild
- The vendor released a fix in version 2.5.2; users are encouraged to upgrade immediately
If your WordPress site is running the Modular DS plugin, you may want to update to the latest version as soon as possible.
Modular DS is a popular WordPress plugin used by more than 40,000 websites that allows website administrators to manage multiple WordPress websites from a single dashboard.
However, security researchers at Patchstack recently discovered that versions 2.5.1 and earlier had design and implementation flaws that exposed several vulnerable routes and enabled an automatic login reversion mechanism.
Proof of attack
These vulnerabilities include direct route selection, bypassing authentication mechanisms and auto-login as admin, the researchers explained. As a result, malicious actors could have bypassed all authentication mechanisms remotely and accessed the compromised websites with an administrator account.
“As soon as the site has already been connected to Modular (tokens present/renewable), anyone can pass the authentication middleware: there is no cryptographic connection between the incoming request and Modular itself,” explained Patchstack.
“This reveals multiple routes […] which makes it possible to perform various actions, from remote login to obtaining sensitive system or user data.”
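The gap the quote describes, shown as an added example that is not Patchstack's or Modular DS's code: a middleware check that only asks whether the site is connected, next to one that requires each request to carry an HMAC computed with a shared secret. The secret, route name and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

# Constructed values for illustration; not taken from Modular DS.
SHARED_SECRET = b"constructed-demo-secret"
MAX_SKEW_SECONDS = 300


def state_only_check(site_is_connected: bool) -> bool:
    """Weak pattern: passes for any caller once the site is connected."""
    return site_is_connected


def sign_request(secret: bytes, method: str, path: str, body: bytes, timestamp: int) -> str:
    """What the trusted dashboard computes for each outgoing request."""
    message = b"\n".join([
        method.upper().encode(),
        path.encode(),
        str(timestamp).encode(),
        hashlib.sha256(body).hexdigest().encode(),
    ])
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


def signed_request_check(secret, method, path, body, timestamp, signature, now=None) -> bool:
    """Hardened pattern: the request itself must prove where it came from."""
    now = int(time.time()) if now is None else now
    if abs(now - timestamp) > MAX_SKEW_SECONDS:  # reject stale or replayed requests
        return False
    expected = sign_request(secret, method, path, body, timestamp)
    # Constant-time comparison on bytes; a missing signature never matches.
    return hmac.compare_digest(expected.encode(), (signature or "").encode())


def demo() -> dict:
    ts = 1_700_000_000  # constructed timestamp
    good = sign_request(SHARED_SECRET, "POST", "/demo/login", b"{}", ts)
    check = lambda path, sig, now: signed_request_check(
        SHARED_SECRET, "POST", path, b"{}", ts, sig, now=now)
    return {
        "state_only_unsigned": state_only_check(True),        # accepted
        "signed_valid": check("/demo/login", good, ts + 5),   # accepted
        "signed_missing": check("/demo/login", "", ts + 5),   # rejected
        "signed_other_route": check("/demo/other", good, ts + 5),  # rejected
        "signed_replayed_late": check("/demo/login", good, ts + 3600),  # rejected
    }


if __name__ == "__main__":
    print(demo())
```

Because the route, timestamp and body hash are all covered by the MAC, a signature captured for one request cannot be reused on a different route or after the skew window.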
The vulnerability is now tracked as CVE-2026-23550 and given a severity score of 10/10 (Critical).
In its write-up, Patchstack said that the flaw is already being exploited in the wild and that the first attacks were detected on January 13, 2026, citing the WP.one Support Engineers team. The Modular DS vendor was notified on January 14th (one day after the first attacks were confirmed) and it came back with a fix “just a few hours later.”
The fix brought Modular DS to version 2.5.2 and users are now advised to upgrade without delay.
“We strongly recommend that all Modular DS installations ensure they run this release as soon as possible and take the following actions,” Modular DS said in a security advisory.
The recommended actions include reviewing potential indicators of compromise (which may be found here), regenerating WordPress salts, regenerating OAuth credentials, and scanning the site for malicious plugins or files.
Via Bleeping Computer



