Impact
An Incorrect Privilege Assignment flaw in the Modular DS WordPress plugin allows an attacker to increase their level of access beyond what is intended. The weakness, identified as CWE‑266, can enable an attacker to gain administrative privileges within the WordPress system, compromising confidentiality, integrity, and availability of site content and configuration.
Affected Systems
The vulnerability impacts the Modular DS WordPress plugin, specifically versions up to and including 2.5.1. All installations of the plugin in this version range are potentially exposed.
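A defender-side check for the affected range stated above, as an added example that is not part of the advisory or the plugin's code: it reads a WordPress plugin header and flags versions up to and including 2.5.1. The sample header, the `Modular DS` plugin name inside it and the `name_hint` value are constructed assumptions; the real plugin's header name and file path are not given on this page.

```python
import re

LAST_AFFECTED = "2.5.1"  # last affected release, per the advisory text

# Constructed sample of a plugin main-file header (not the real plugin's file).
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: Modular DS
 * Version: 2.5.1
 */
"""

# WordPress reads plugin metadata from "Key: value" lines in a leading comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)


def parse_plugin_header(php_source):
    """Return the 'plugin name' and 'version' header fields, if present."""
    fields = {}
    # WordPress itself only scans the first 8 KiB of the file for headers.
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value.strip(" \t\r*/"))
    return fields


def version_key(version):
    """Numeric tuple for comparison, so that 2.10.0 sorts after 2.5.1."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    key = [int(n) for n in m.group(1).split(".")] if m else []
    while key and key[-1] == 0:  # treat 2.5.1.0 the same as 2.5.1
        key.pop()
    return tuple(key)


def is_affected(php_source, name_hint="modular"):
    """True when the header matches name_hint (assumed) and version <= 2.5.1."""
    fields = parse_plugin_header(php_source)
    if name_hint not in fields.get("plugin name", "").lower():
        return False
    version = fields.get("version")
    if version is None:
        return True  # no readable version: fail closed and review by hand
    return version_key(version) <= version_key(LAST_AFFECTED)


if __name__ == "__main__":
    print("affected" if is_affected(SAMPLE_HEADER) else "not affected")
```

Versions are compared as integer tuples because a plain string comparison would rank `2.10.0` below `2.5.1` and misreport a later release as affected.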
Risk and Exploitability
The CVSS score is 10, indicating a critical level of severity. The exploit probability is moderate, with an EPSS score of 21%, and the issue is not listed in CISA’s Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that the attacker would need some level of access to the WordPress installation, likely through an authenticated session that triggers the plugin’s privilege assignment mechanisms to elevate privileges.
OpenCVE Enrichment