Tech »  Topic »  Hackers exploit WordPress plugin security flaw exposing 40,000 websites to complete takeover risk - here's how to stay safe

Hackers exploit WordPress plugin security flaw exposing 40,000 websites to complete takeover risk - here's how to stay safe

7 hours ago   techradar.com
(Image credit: Shutterstock)
  • Patchstack found critical Modular DS flaw (CVE-2026-23550) allowing admin bypass
  • Vulnerability scored 10/10 and is already being exploited in the wild
  • Vendor released fix in version 2.5.2; users urged to upgrade immediately

If your WordPress website is running the Modular DS plugin, you might want to update to the latest version as soon as possible.

Modular DS is a popular WordPress plugin used by more than 40,000 websites which allows website admins manage multiple WordPress sites from a single dashboard.

However security researchers Patchstack recently discovered its versions 2.5.1 and older carried design and implementation vulnerabilities which exposed multiple sensitive routes and activated an automatic login fallback mechanism.

This popular WordPress security plugin has a worrying flaw which exposed user dataMillions of attacks hit WordPress websites - here's how to make sure you stay safe

Evidence of attacks

These vulnerabilities ...


Copyright of this story solely belongs to techradar.com . To see the full text click HERE