
Modular DS bug gives attackers instant WordPress admin access

Exploitation was already observed in the wild, with some intrusions resulting in WordPress admin sessions, before a fixed update was available to users.

Successful exploit grants admin rights

The vulnerability lies in how Modular DS handles requests internally. The plugin exposes a set of REST-style routes under an “/api/modular-connector/” prefix that are supposed to be protected by authentication middleware. However, because of an oversight in the route handling logic, specifically the isDirectRequest() mechanism, certain requests bypass authentication entirely when specific parameters are present.

This means an attacker who can reach the affected endpoint can, in a single crafted request, cause the plugin to treat them as if they were a legitimate authenticated site connection. That, in turn, opens up access to sensitive routes, including /login/, granting instant admin privileges or the ability to enumerate site users and data without needing a password.
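
For triage, a site's access logs can be checked for requests that reached these routes. The script below is an added example, not code from Modular DS or from the original article. It assumes Apache/nginx combined-format logs and that the route appears in the request path; the sample lines, IP addresses and query string are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

PREFIX = "/api/modular-connector/"  # route prefix named in the article
LOGIN = "/login/"                   # sensitive route named in the article

# Assumed log format: Apache/nginx "combined".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, placeholder query string).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:01:02 +0000] "GET /api/modular-connector/login/?param=value HTTP/1.1" 302 0 "-" "-"',
    '203.0.113.7 - - [01/Jan/2025:10:01:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.9 - - [01/Jan/2025:10:02:00 +0000] "GET /API//modular-connector/%6cogin/ HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.4 - - [01/Jan/2025:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"',
]

def normalise(raw_path):
    """Percent-decode, collapse repeated slashes, lowercase (over-match on purpose)."""
    return re.sub(r"/{2,}", "/", unquote(raw_path)).lower()

def scan(lines):
    """Map source IP -> list of requests that touched the connector routes."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        raw_path, _, query = m["uri"].partition("?")
        path = normalise(raw_path)
        idx = path.find(PREFIX)  # find(), not startswith(): WordPress may live in a subdirectory
        if idx == -1:
            continue
        route = path[idx + len(PREFIX) - 1:]  # keep the leading slash
        hits[m["ip"]].append({
            "time": m["time"], "route": route, "status": int(m["status"]),
            "has_params": bool(query),
            "login_route": (route + "/").startswith(LOGIN),
        })
    return dict(hits)

def priority(hits):
    """IPs whose login-route request was not rejected (status < 400): review first."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(r["login_route"] and r["status"] < 400 for r in reqs))
```

A legitimate site connection also uses these routes, so a hit is a lead for review rather than proof of compromise; compare flagged source addresses against the expected connection origin and against admin logins recorded around the same time.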
