cleantalk
Vulnerabilities and Security Researches

Modular DS: Manage all your websites from a single dashboard, CVE-2026-3903

CVE, Research URL

CVE-2026-3903

Home page URL

Security reports for Modular DS: Manage all your websites from a single dashboard

Application

Modular DS: Manage all your websites from a single dashboard

Published on
Mar 11, 2026
Research Description
The Modular DS: Monitor, update, and backup multiple websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.1. This is due to missing nonce validation on the postConfirmOauth() function. This makes it possible for unauthenticated attackers to disconnect the plugin's OAuth/SSO connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 2.6.0.
Status
vulnerable
Previous vulnerability researches
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder (CVE-2024-50477) , Oct 29, 2024
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder (CVE-2024-50528) , Nov 03, 2024
Stacks Mobile App Builder – The most powerful Mobile Applications Drag and Drop builder (CVE-2024-50527) , Nov 03, 2024
App Builder – Create Native Android & iOS Apps On The Flight (CVE-2024-9302) , Oct 26, 2024
App Builder – Create Native Android & iOS Apps On The Flight (CVE-2024-7651) , Aug 22, 2024
New vulnerability
Frontend Posting WordPress Plugin – Frontend Post Submission Manager Lite (CVE-2026-1296) , Apr 14, 2026
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2026-1512) , Apr 14, 2026
Quiz Maker (CVE-2026-2384) , Apr 14, 2026
Yoast SEO (CVE-2026-1293) , Apr 14, 2026
Migration, Backup, Staging – WPvivid (CVE-2026-1357) , Apr 14, 2026