Summary
Attackers are exploiting a CVSS 10.0 vulnerability in the Modular DS WordPress plugin to gain unauthenticated administrative access and full site control. The flaw, tracked as CVE-2026-23550, allows hackers to bypass authentication by manipulating URL parameters.
Take Action:
If you are using Modular DS plugin, this is urgent! Updat to version 2.5.2 immediately, because your site is being hacked. If you can't update, disable the plugin. After patching, check your WordPress user list for any unauthorized administrator accounts created recently.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)