CVE-2026-3903

The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing nonce validation on the postConfirmOauth function. This makes it possible for unauthenticated attacker...

CVE-2026-3903 Modular Connector <= 2.5.1 - Cross-Site Request Forgery via postConfirmOauth

The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing nonce validation on the postConfirmOauth function. This makes it possible for unauthenticated attacker...

Exploit for CVE-2026-23550

EpSiLoNPoInT- 🔴 EpSiLoNPoInT - CVE-2026-23550 Modular DS Zero-...

CVE-2026-23800 WordPress Modular DS plugin <= 2.5.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0...

CVE-2026-23550 WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through = 2.5.1...

CVE-2026-23550

CVE-2026-23550 pertains to the Modular DS WordPress plugin (modular-connector) with versions up to and including 2.5.1, where an incorrect privilege assignment creates a broken access control that can lead to privilege escalation. Public documents confirm unauthenticated admin takeover is possibl...

WordPress Modular DS plugin <= 2.5.1 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by Teemu Saarentaus in WordPress Plugin Modular DS versions = 2.5.1...