1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Hackers exploit WordPress plugin security flaw exposing 40,000 we

    From TechnologyDaily@1337:1/100 to All on Friday, January 16, 2026 11:30:08
    Hackers exploit WordPress plugin security flaw exposing 40,000 websites to complete takeover risk - here's how to stay safe

    Date:
    Fri, 16 Jan 2026 11:24:19 +0000

    Description:
    Critical WordPress plugin flaw exposed some 40,000 users to risk of a
    complete website takeover.

    FULL STORY ======================================================================Patchsta ck found critical Modular DS flaw (CVE-2026-23550) allowing admin bypass Vulnerability scored 10/10 and is already being exploited in the wild Vendor released fix in version 2.5.2; users urged to upgrade immediately

    If your WordPress website is running the Modular DS plugin, you might want to update to the latest version as soon as possible.

    Modular DS is a popular WordPress plugin used by more than 40,000 websites which allows website admins manage multiple WordPress sites from a single dashboard.

    However security researchers Patchstack recently discovered its versions
    2.5.1 and older carried design and implementation vulnerabilities which exposed multiple sensitive routes and activated an automatic login fallback mechanism. Evidence of attacks

    These vulnerabilities include direct route selection, bypassing of authentication mechanisms, and auto-login as admin, the researchers
    explained. As a result, malicious actors could have bypassed all authentication mechanisms remotely and access the compromised websites with
    an administrator account.

    As soon as the site has already been connected to Modular (tokens present/renewable), anyone can pass the auth middleware: there is no cryptographic link between the incoming request and Modular itself, Patchstacak explained.

    This exposes several routes [...] which allow various actions to be
    performed, ranging from remote login to obtaining sensitive system or user data.

    The vulnerability is now tracked as CVE-2026-23550 and was given a severity score of 10/10 (critical).

    In its write-up, Patchstack said the flaw is already being exploited in the wild, and that first attacks were detected on January 13, 2026, citing WP.one Support Engineers team. The Modular DS vendor was notified on January 14 (a day after the first attacks were confirmed), and it came back with a fix only a few hours later.

    The fix brought Modular DS to version 2.5.2, and users are now advised to upgrade without delay.

    We strongly recommend that all Modular DS installations ensure they are running this version as soon as possible and complete the following actions, Modular DS said in a security advisory.

    The actions advised include reviewing potential indicators of compromise (which can be found here ), regenerating WordPress salts, regenerating OAuth credentials, and scanning the site for malicious plugins or files.

    Via BleepingComputer

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/hackers-exploit-wordpress-plugin-securi ty-flaw-exposing-40-000-websites-to-complete-takeover-risk-heres-how-to-stay-s afe


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)