Critical WordPress Plugin Vulnerability Exposes 40,000 Sites to Takeover Risks

A severe security flaw in the Modular DS WordPress plugin puts 40,000 websites at risk of complete takeover. Here's how to protect your site.

Updated Jan 16, 2026
Andrew Wallace

Professional Tech Editor


  • Patchstack identified a critical flaw in Modular DS (CVE-2026-23550) allowing admin bypass
  • Vulnerability scored 10/10 and is actively being exploited
  • Vendor released a fix in version 2.5.2; users are urged to upgrade immediately

If your WordPress site utilizes the Modular DS plugin, it's crucial to update to the latest version promptly.

Modular DS is a widely used WordPress plugin that lets administrators manage multiple WordPress sites from a single dashboard. The flaw affects over 40,000 websites.

Recently, security researchers at Patchstack discovered that versions 2.5.1 and earlier contain design and implementation vulnerabilities that expose sensitive routes and activate an automatic login fallback mechanism.

Evidence of Attacks

The vulnerabilities allow for direct route selection, bypassing of authentication mechanisms, and auto-login as an admin, which means malicious actors could remotely access compromised websites with administrator privileges.

“Once a site is connected to Modular (with tokens present/renewable), anyone can bypass the auth middleware: there is no cryptographic link between the incoming request and Modular itself,” Patchstack explained.

“This exposes several routes [...] enabling various actions, from remote login to accessing sensitive system or user data.”

The vulnerability is tracked as CVE-2026-23550 and has been rated as critical with a severity score of 10/10.
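What a "cryptographic link between the incoming request and Modular" means in practice, shown as an added illustration that is not Modular DS's code or its actual fix: a check that only looks at local "connected" state, beside one that requires a fresh HMAC over the request. The function names, secret, route and timestamp are all constructed assumptions.

```python
import hashlib
import hmac
import time

MAX_SKEW = 300  # seconds a signed request stays valid (assumed policy)

def weak_check(site_state, request):
    # Decision uses only local state ("is this site connected?");
    # nothing in the request proves who sent it.
    return bool(site_state.get("connected"))

def sign(secret, method, path, ts, body):
    # Sender side: MAC over every field the receiver will act on.
    msg = "\n".join([method, path, str(ts), hashlib.sha256(body).hexdigest()])
    return hmac.new(secret, msg.encode(), hashlib.sha256).hexdigest()

def bound_check(secret, request, now=None):
    # Receiver side: accept only a fresh request carrying a valid MAC.
    now = int(time.time()) if now is None else now
    try:
        ts = int(request["ts"])
        expected = sign(secret, request["method"], request["path"], ts, request["body"])
        supplied = request["sig"].encode()
    except (KeyError, TypeError, ValueError, AttributeError):
        return False  # missing or malformed fields never authenticate
    if abs(now - ts) > MAX_SKEW:
        return False  # stale timestamp: reject old captures
    return hmac.compare_digest(expected.encode(), supplied)  # constant-time

# Constructed sample data: secret, timestamp and route are made up.
SECRET = b"constructed-demo-secret"
NOW = 1768300000
genuine = {"method": "POST", "path": "/hypothetical/route", "ts": NOW, "body": b"{}"}
genuine["sig"] = sign(SECRET, "POST", "/hypothetical/route", NOW, b"{}")
unsigned = {k: v for k, v in genuine.items() if k != "sig"}
retargeted = dict(genuine, path="/hypothetical/other-route")

if __name__ == "__main__":
    print("weak check, unsigned request:", weak_check({"connected": True}, unsigned))
    for name, req in [("genuine", genuine), ("unsigned", unsigned), ("retargeted", retargeted)]:
        print(name, bound_check(SECRET, req, now=NOW))
    print("replayed later:", bound_check(SECRET, genuine, now=NOW + MAX_SKEW + 1))
```

The timestamp window only bounds how long a captured request stays usable; rejecting replays inside the window would additionally need a per-request nonce that the receiver remembers.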

Patchstack reported that the flaw is already being exploited, with the first attacks detected on January 13, 2026. The Modular DS vendor was notified the following day and provided a fix just hours later.

The update to version 2.5.2 is now available, and users are strongly advised to upgrade without delay.

“We recommend that all Modular DS installations ensure they are running this version as soon as possible and take the following actions,” Modular DS stated in a security advisory.

Recommended actions include reviewing potential indicators of compromise, regenerating WordPress salts, regenerating OAuth credentials, and scanning the site for malicious plugins or files.

Via BleepingComputer
