CVE-2026-23550
published 2026-01-14CVE-2026-23550: Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a…
PriorityP190critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEVInitial access
Exploited in the wild
EPSS
20.63%
97.2th percentile
Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| modular_ds | modular_ds | <= 2.5.1 | — |
Detection & IOCsextracted from sources · hover to see the quote
url{{BaseURL}}/index.php/api/modular-connector/login/{{string}}?origin=mo&type=foo
url{{BaseURL}}/api/modular-connector/login/{{string}}?origin=mo&type=foo
path/plugins/modular-connector/
cookiewordpress_logged_in
yara
id: CVE-2026-23550
info:
name: Modular DS - Broken Access Control
author: DhiyaneshDk
severity: high
http:
- method: GET
path:
- "{{BaseURL}}/index.php/api/modular-connector/login/{{string}}?origin=mo&type=foo"
- "{{BaseURL}}/api/modular-connector/login/{{string}}?origin=mo&type=foo"
matchers:
- type: dsl
dsl:
- status_code == 302
- contains(header, "wordpress_logged_in")
condition: and- →Exploitation traffic targets the /api/modular-connector/login/ endpoint with query parameters origin=mo and type=foo; a successful exploit returns HTTP 302 with a Set-Cookie header containing 'wordpress_logged_in'.
- →First active exploitation was detected on January 13 around 02:00 UTC; monitor server access logs for requests to the /api/modular-connector/login/ route from that date onward. ↗
- →After exploitation, check WordPress admin user list for rogue admin accounts added by unauthenticated attackers leveraging the automatic admin login fallback mechanism. ↗
- →The exploit works by sending a request with 'direct request' mode activated and no user ID in the request body, causing the plugin to automatically fetch and log in as an existing admin or super admin user. ↗
- →FOFA fingerprint for identifying exposed Modular DS instances: search for body containing '/plugins/modular-connector/'.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7hjg-42gh-8j3v: Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation
ghsa_unreviewed·2026-01-14
CVE-2026-23550 [CRITICAL] CWE-266 GHSA-7hjg-42gh-8j3v: Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation
Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1.
VulnCheck
Incorrect Privilege Assignment
vulncheck·2026
CVE-2026-23550 Incorrect Privilege Assignment
Incorrect Privilege Assignment
Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1.
Affected: Modular DS WordPress Modular DS Plugin
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://patchstack.com/articles/critical-privilege-escalation-vulnerability-in-modular-ds-plugin-affecting-40k-sites-exploited-in-the-wild/; https://patchstack.com/database/wordpress/plugin/modular-connector/vulnerability/wordpress-modular-ds-monitor-update-and-backup-multiple-websites-plugin-2-5-1-privilege-escalation-vulnerability; https://www.cve.org/CVERe
No detection rules found.
Nuclei
Modular DS - Broken Access Control
nuclei
CVE-2026-23550 Modular DS - Broken Access Control
Modular DS - Broken Access Control
Modular DS = 2.5.1 contains a broken access control vulnerability caused by incorrect privilege assignment, letting attackers escalate their privileges, exploit requires no special conditions.
Template:
id: CVE-2026-23550
info:
name: Modular DS - Broken Access Control
author: DhiyaneshDk
severity: high
description: |
Modular DS = 2.5.1 contains a broken access control vulnerability caused by incorrect privilege assignment, letting attackers escalate their privileges, exploit requires no special conditions.
impact: |
Attackers can escalate their privileges, potentially gaining unauthorized access to sensitive functions or data.
remediation: |
Update to the latest version beyond 2.5.1.
reference:
- https://help.modulards.com/en/article/modular-ds-securi
Bleepingcomputer
WordPress membership plugin bug exploited to create admin accounts
blogs_bleepingcomputer·2026-03-05·CVSS 9.8
CVE-2026-1492 [CRITICAL] WordPress membership plugin bug exploited to create admin accounts
## WordPress membership plugin bug exploited to create admin accounts
## Bill Toulas
Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites.
Developed by WPEverest, the plugin provides membership and user registration management features, including custom forms, payment integrations with PayPal and Stripe, bank transfers, and analytics.
The security vulnerability is tracked as CVE-2026-1492 and received a critical severity rating of 9.8. Because the plugin accepts a user-supplied role during membership registration, hackers can create administrator accounts without authentication.
An administrator account has full access on the website, and it is required to install plugins and themes, edit P
Recorded Future
January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
blogs_recorded_future·2026-02-24·CVSS 7.8
[HIGH] January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
## January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
January 2026 saw a modest 5% increase in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 23 vulnerabilities requiring immediate remediation, up from 22 in December 2025. Noteworthy trends last month included Russian state-sponsored exploitation of a Microsoft Office zero-day and critical authentication bypass flaws affecting enterprise infrastructure.
What security teams need to know:
APT28's Operation Neusploit: Russian state-sponsored actors exploited CVE-2026-21509 (Microsoft Office) via weaponized RTF files, delivering MiniDoor, PixyNetLoader, and Covenant Grunt implants
Microsoft and SmarterTools lead concerns: These vendors accounted
Checkpoint
19th January – Threat Intelligence Report
blogs_checkpoint·2026-01-19
CVE-2025-37164 19th January – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 19th January – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 19th January, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Spanish energy company Endesa has disclosed a data breach after unauthorized access to a commercial platform used to manage customer information. Media report attackers listed over 1 terabyte of data, including IBANs, for sale.
Belgian hospital AZ Monica has experienced a cyberattack that forced the shutdown of IT systems
Bleepingcomputer
Hackers exploit Modular DS WordPress plugin flaw for admin access
blogs_bleepingcomputer·2026-01-15
CVE-2026-23550 Hackers exploit Modular DS WordPress plugin flaw for admin access
## Hackers exploit Modular DS WordPress plugin flaw for admin access
## Bill Toulas
Hackers are actively exploiting a maximum severity flaw in the Modular DS WordPress plugin that allows them to bypass authentication remotely and access the vulnerable sites with admin-level privileges.
The flaw, tracked as CVE-2026-23550 , affects versions 2.5.1 and older of Modular DS, a management plugin that allows managing multiple WordPress sites from a single interface.
The plugin lets owners, developers, or hosting providers remotely monitor sites, perform updates, manage users, access server information, run maintenance tasks, and log in. Modular DS has more than 40,000 installations.
According to Patchstack researchers, CVE-2026-23550 is currently exploited in the wild, the first attacks bein
Recorded Future
January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
blogs_recorded_future·CVSS 4.9
[MEDIUM] January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
# January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5% Increase, APT28 Exploits Microsoft Office Zero-Day
January 2026 saw a modest 5% increase in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 23 vulnerabilities requiring immediate remediation, up from 22 in December 2025. Noteworthy trends last month included Russian state-sponsored exploitation of a Microsoft Office zero-day and critical authentication bypass flaws affecting enterprise infrastructure.
What security teams need to know:
- APT28's Operation Neusploit: Russian state-sponsored actors exploited CVE-2026-21509 (Microsoft Office) via weaponized RTF files, delivering MiniDoor, PixyNetLoader, and Covenant Grunt implants
- Microsoft and SmarterTools lead concerns: These vendors accounte
Greynoiseio
NoiseLetter February 2026
blogs_greynoiseio
NoiseLetter February 2026
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
Wiz
CVE-2026-23550 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.8
CVE-2026-23550 [CRITICAL] CVE-2026-23550 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23550 :
WordPress vulnerability analysis and mitigation
Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from n/a through <= 2.5.1.
Source : NVD
Published January 14, 2026
CNA Score N/A
Affected Technologies
WordPress
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 76.1
Exploitation Probability (EPSS) 0.9
Affected packages and libraries
modular-connector
Sources
NVD
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
## Related WordPress vulnerabilities:
CVE ID
Severity
Score
Techn
2026-01-14
Published
Exploited in the wild