Vulnerabilities and security researches formodular-connector modular-connector

Jan 27, 2026

CVE, Research URL: CVE-2026-23550
Home page URL: Security reports for Modular DS: Manage all your websites from a single dashboard
Application: Modular DS: Manage all your websites from a single dashboard
Date: Jan 14, 2026
Research Description: Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1.
Affected versions: max 2.5.1.
Status: vulnerable

CVE, Research URL: CVE-2026-23800
Home page URL: Security reports for Modular DS: Manage all your websites from a single dashboard
Application: Modular DS: Manage all your websites from a single dashboard
Date: Jan 17, 2026
Research Description: Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0.
Affected versions: max 2.5.2.
Status: vulnerable

Apr 14, 2026

CVE, Research URL: CVE-2026-3903
Home page URL: Security reports for Modular DS: Manage all your websites from a single dashboard
Application: Modular DS: Manage all your websites from a single dashboard
Date: Mar 11, 2026
Research Description: The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing nonce validation on the postConfirmOauth() function. This makes it possible for unauthenticated attackers to disconnect the plugin's OAuth/SSO connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: max 2.6.0.
Status: vulnerable