Critical Security Flaw in WordPress Modular DS Plugin Actively Exploited (CVE-2026-23550)

A critical security flaw in the WordPress plugin Modular DS (CVE-2026-23550, CVSS score 10.0) is being actively exploited. Identified as an unauthenticated privilege escalation vulnerability, it affects all versions of the plugin up to and including 2.5.1. The flaw has been patched in version 2.5.2. According to Patchstack, ongoing attacks aim to gain administrator access on vulnerable sites. No additional details about the threat actors or exploitation methods have been provided.