Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0.
The vulnerability classified as CWE-266 (Incorrect Privilege Assignment) involves improper privilege assignment within the modular-connector plugin. A remote, unauthenticated attacker can exploit this flaw to obtain higher privileges than those they should possess. The network attack vector without authentication or user interaction requirements makes the vulnerability easy to exploit.
An attacker can perform privilege escalation, potentially gaining full control over WordPress system resources — including data, configuration, and other users — with complete impact on confidentiality, integrity, and availability.
The Modular DS plugin must be updated immediately to version 2.6.0 or newer. Details regarding the patch are available in the Patchstack database at the address indicated in the references.
WordPress Plugin Modular DS (modular-connector) in versions from 2.5.2 (inclusive) to 2.6.0 (exclusive).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H