Privilege Escalation Vulnerability in Modular DS Modular-Connector by Modular DS
CVE-2026-23800

10CRITICAL

Key Information:

Vendor: WordPress
Status: Modular Ds
Vendor: CVE Published:; 16 January 2026

What is CVE-2026-23800?

A vulnerability exists in Modular DS's modular-connector that enables incorrect privilege assignment, allowing an attacker to escalate privileges within the application. This issue specifically affects versions from 2.5.2 up to, but not including, 2.6.0, potentially exposing sensitive functions to unauthorized users and compromising the integrity of the system.

Affected Version(s)

Modular DS 2.5.2 < 2.6.0

References

https://patchstack.com/database/wordpress/plugin/modular-...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 16, 2026
Vulnerability Reserved
Jan 16, 2026

Credit

Pikachu | Patchstack

JSON

WordPress

What is CVE-2026-23800?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit