Exploitation was already noticed within the wild, with some intrusions resulting in WordPress Admin periods, earlier than a set replace was accessible to customers.
Profitable exploit grants Admin rights
The vulnerability lies in how Modular DS handles requests internally. The plugin exposes a set of REST-style routes underneath an “/api/modular-connector/” prefix which can be presupposed to be protected by authentication middleware. However as a result of an oversight within the route dealing with logic, particularly the isDirectRequest() mechanism, sure requests bypass authentication solely when particular parameters are current.
This implies an attacker who can attain the impacted endpoint can, in a single crafted request, trigger the plugin to deal with them as in the event that they had been a legit authenticated website connection. That, in flip, opens up entry to delicate routes, together with /login/, granting immediate admin privileges or the flexibility to enumerate website customers and information without having a password.
