CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-23800

CVSS 10.0v3.1pub. 2026-01-16upd. 2026-04-15

Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-266 (Incorrect Privilege Assignment) involves improper privilege assignment within the modular-connector plugin. A remote, unauthenticated attacker can exploit this flaw to obtain higher privileges than those they should possess. The network attack vector without authentication or user interaction requirements makes the vulnerability easy to exploit.

Impact

An attacker can perform privilege escalation, potentially gaining full control over WordPress system resources — including data, configuration, and other users — with complete impact on confidentiality, integrity, and availability.

Mitigation & patch

The Modular DS plugin must be updated immediately to version 2.6.0 or newer. Details regarding the patch are available in the Patchstack database at the address indicated in the references.

Who is affected

WordPress Plugin Modular DS (modular-connector) in versions from 2.5.2 (inclusive) to 2.6.0 (exclusive).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
LPE
CWE
References