A maximum-severity security flaw in a WordPress plugin called
Modular DS has come under active exploitation in the wild,
according to Patchstack. The vulnerability, tracked as
CVE-2026-23550 (CVSS score: 10.0), has been described as a case of
unauthenticated privilege escalation impacting all versions of the
plugin prior to and including 2.5.1. It has been patched in version
2.5.2. The plugin
Read more https://thehackernews.com/2026/01/critical-wordpress-modular-ds-plugin.html
