AnonymousMedia.org

Category: Uncategorized

  • Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access

    Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access


    Ravie LakshmananJan 15, 2026Web Security /Vulnerability

    A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack.

    The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10.0), has been described as a case of unauthenticated privilege escalation impacting all versions of the plugin prior to and including 2.5.1. It has been patched in version 2.5.2. The plugin has more than 40,000 active installs.

    “In versions 2.5.1 and below, the plugin is vulnerable to privilege escalation, due to a combination of factors including direct route selection, bypassing of authentication mechanisms, and auto-login as admin,” Patchstack said.

    The problem is rooted in its routing mechanism, which is designed to put certain sensitive routes behind an authentication barrier. The plugin exposes its routes under the “/api/modular-connector/” prefix.

    Cybersecurity

    However, it has been found that this security layer can be bypassed every time the “direct request” mode is enabled by supplying an “origin” parameter set to “mo” and a “type” parameter set to any value (e.g., “origin=mo&type=xxx”). This causes the request to be treated as a Modular direct request.

    “Therefore, as soon as the site has already been connected to Modular (tokens present/renewable), anyone can pass the auth middleware: there is no cryptographic link between the incoming request and Modular itself,” Patchstack explained.

    “This exposes several routes, including /login/, /server-information/, /manager/, and /backup/, which allow various actions to be performed, ranging from remote login to obtaining sensitive system or user data.”

    As a result of this loophole, an unauthenticated attacker can exploit the “/login/{modular_request}” route to get administrator access, resulting in privilege escalation. This could then pave the way for a full site compromise, permitting an attacker to introduce malicious changes, stage malware, or redirect users to scams.

    According to details shared by the WordPress security company, attacks exploiting the flaw are said to have been first detected on January 13, 2026, at around 2 a.m. UTC, with HTTP GET calls to the endpoint “/api/modular-connector/login/” followed by attempts to create an admin user.

    The attacks have originated from the following IP addresses –

    In light of active exploitation of CVE-2026-23550, users of the plugin are advised to update to a patched version as soon as possible.

    Cybersecurity

    “This vulnerability highlights how dangerous implicit trust in internal request paths can be when exposed to the public internet,” Patchstack said.

    “In this case, the issue was not caused by a single bug, but by several design choices combined together: URL-based route matching, a permissive ‘direct request’ mode, authentication based only on the site connection state, and a login flow that automatically falls back to an administrator account.”

    Modular DS is also recommending users to review their sites for signs of compromise, such as unexpected admin users or suspicious requests from automated scanners, and, if found, perform the steps below –

    • Regenerate WordPress salts to invalidate all existing sessions
    • Regenerate OAuth credentials
    • Scan the site for malicious plugins, files, or code

    “The vulnerability was located in a custom routing layer extending Laravel’s route matching functionality,” the maintainers of the plugin said. “The route matching logic was overly permissive, allowing crafted requests to match protected endpoints without proper authentication validation.”



    Source link

  • Israel pushes back on Trump’s picks for executives on Gaza ‘Board of Peace’

    Israel pushes back on Trump’s picks for executives on Gaza ‘Board of Peace’


    Reuters Trump and Netanyahu speaking at a conference, while both wearing suits with red ties with Israeli and US flags in backgroundReuters

    Israeli Prime Minister Benjamin Netanyahu has convened a meeting with his top advisers to discuss Donald Trump’s “Board of Peace” for Gaza, after it revealed the US did not include Israel in talks to do with its creation.

    Netanyahu’s office said it was “not coordinated with Israel and runs contrary to its policy”, following Saturday’s announcement of the committee’s Gaza Executive Board, which includes the Turkish foreign minister and a Qatari official, as well as former-UK PM Tony Blair and Trump’s son-in-law Jared Kushner.

    The Board of Peace, which is part of Trump’s 20-point plan to end the Israel-Hamas war, is expected to temporarily oversee the running of Gaza and manage its reconstruction.

    Its exact structure remains unclear and members are still being invited.

    Two separate senior bodies have been officially unveiled, both of which sit under the main Board of Peace.

    One is a “founding Executive Board”, with a high-level focus on investment and diplomacy. The other, the “Gaza Executive Board”, is responsible for overseeing all on-the-ground work of yet another administrative group, the National Committee for the Administration of Gaza (NCAG).

    So far, the only Israeli member on the Gaza Executive Board is Yakir Gabay, a businessman born in Israel and now based in Cyprus. There are no Palestinians on either senior board.

    Israel’s far-right National Security Minister Itamar Ben-Gvir wrote on X: “The Gaza Strip does not need any “administrative committee” to oversee its “rehabilitation” – it needs to be cleansed of Hamas terrorists”.

    Israel’s opposition leader Yair Lapid called the announcement a “diplomatic failure for Israel.”

    Officials from Qatar and Turkey, which have both been critical of Israel’s military actions in Gaza, are confirmed members of the advisory panel.

    The overarching Board of Peace will be made up of world leaders, with President Trump as its chairman, the White House said.

    While those members have not been announced, the leaders of the UK, Hungary, Argentina, Jordan, Turkey, India, and Egypt have reportedly been invited.

    Governments have reacted cautiously to the invitations, with only Hungarian Prime Minister Viktor Orban, a Trump ally, confirming he has accepted the role.

    The White House said those chosen will work to ensure “effective governance and the delivery of best-in-class services that advance peace, stability, and prosperity for the people of Gaza”.

    The UK was seeking more clarity on the committee, a government source told the BBC.

    On Saturday, Bloomberg reported that Trump was asking countries to contribute $1bn (£745m) to join the panel.

    Speaking to CBS news , a US official confirmed the reports, but clarified that countries could still join on a three year membership without paying anything.

    Canada’s Mark Carney said that he agreed with Trump’s plan on principle, but that the details – including financial ones – were still being worked through.

    Speaking to reporters in Doha on Sunday, he made clear that Canada did not have “unimpeded” aid funds to cover the costs of membership.

    Meanwhile, the United Nations warned on Saturday that the humanitarian crisis in Gaza is “far from over”.

    The UN estimates around 80% of buildings in Gaza have been destroyed or damaged and families who have survived the war are now struggling with the winter weather, and a lack of food and shelter.

    Olga Cherevko from the UN aid coordination office said that the delivery of tonnes aid and fixed roads in the months since a ceasefire came into effect were a “band aid” rather than a solution.

    Bitter winter weather has led to further complications, destroying buildings and making it difficult to access healthcare.

    Israel says that it is facilitating humanitarian assistance, and has blamed the UN for failing to distribute supplies already in Gaza. It argues any restrictions are designed to stop Hamas infiltrating and exploiting relief efforts.



    Source link

  • ‘Europe won’t be blackmailed,’ Danish PM says in wake of Trump Greenland threats

    ‘Europe won’t be blackmailed,’ Danish PM says in wake of Trump Greenland threats


    Reuters Danish Prime Minister Mette Frederiksen speaks at a press conference Reuters

    Mette Frederiksen and other European allies are standing in solidarity with Greenland, despite Trump’s threat of tariffs

    Denmark’s Prime Minister Mette Frederiksen says “Europe won’t be blackmailed”, as she and other European leaders continue to weigh their response to US President Donald Trump’s tariff threats over Greenland.

    Trump says he will impose new taxes on eight US allies – Denmark, Finland, France, Germany, the Netherlands, Norway, Sweden and the UK – in February if they oppose his proposed takeover of the autonomous Danish territory.

    He insists Greenland is critical for US security and has not ruled out taking it by force – a move that has drawn widespread criticism.

    The countries threatened with tariffs have now issued joint statement, saying Trump’s plan risks a “dangerous downward spiral”.

    “Tariff threats undermine transatlantic relations,” they said, reiterating that they “stand in full solidarity with the Kingdom of Denmark and the people of Greenland”.

    The countries stressed they are “committed to strengthening Arctic security as a shared transatlantic interest” as members of the Nato military alliance.

    “We stand ready to engage in a dialogue based on the principles of sovereignty and territorial integrity that we stand firmly behind,” the statement reads.

    Separately, Frederiksen wrote on Facebook: “We want to cooperate and we are not the ones seeking conflict. And I am happy for the consistent messages from the rest of the continent: Europe will not be blackmailed.”

    “It is all the more important that we stand firm on the fundamental values that created the European community.”

    It came as EU members held an emergency meeting in Brussels on Sunday.

    Trump has threatened to impose a 10% tariff on goods from Denmark, Norway, Sweden, France, Germany, the UK, the Netherlands and Finland, which would come into force on 1 February, but could later rise to 25% – and would last until a deal was reached.

    “These Countries, who are playing this very dangerous game, have put a level of risk in play that is not tenable or sustainable,” he wrote, adding: “This is a very dangerous situation for the Safety, Security and Survival of our Planet”.

    The US president insists Greenland is critical for US security and has said previously that Washington would get the territory “the easy way” or “the hard way”.

    Greenland is a sparsely populated but resource-rich and its location between North America and the Arctic makes it well placed for early warning systems in the event of missile attacks and for monitoring vessels in the region.

    US Treasury Secretary Scott Bessent on Sunday told NBC News’ Meet the Press that “Greenland can only be defended if it is part of the US, and it will not need to be defended if it is part of the US”.

    “I believe that the Europeans will understand that this is best for Greenland, best for Europe and best for the United States,” he said.

    It is still unclear how the tariffs will affect those Trump has already imposed on the UK and EU. French President Emmanuel Macron, who is working to co-ordinate the European response to the tariff threats, said he would request that the EU activate its “anti-coercion instrument” if Trump does impose them.

    The US president is due to speak at the World Economic Forum in Davos, Switzerland on Wednesday on the theme “how can we co-operate in a more contested world?” Macron, as well as the leaders of Germany and the EU, will also be attending the annual conference.

    Canadian Prime Minister Mark Carney, who will also be there, said his country was “concerned by the recent escalation” and that it would be “significantly increasing Arctic security — strengthening our military and investing in critical infrastructure”.

    “Canada strongly believes that the best way to secure the Arctic is by working together within Nato,” he also wrote on X.

    The head of Nato, Mark Rutte, meanwhile, said he had spoken to Trump “regarding the security situation in Greenland and the Arctic”.

    “We will continue working on this, and I look forward to seeing him in Davos later this week,” he added.

    EPA/Shutterstock People take part in a protest under the slogans 'Hands off Greenland' and 'Greenland for Greenlanders' in Copenhagen, Denmark, 17 January 2026.EPA/Shutterstock

    Protests were held over the weekend in both Denmark and Greenland

    Public anger in both Denmark and Greenland at Trump’s threats over Greenland appears undiminished. Demonstrations against Trump’s takeover plans were held in Greenland’s capital, Nuuk, on Saturday – before the tariff announcement – as well as in Danish cities.

    These rallies coincide with a visit to Copenhagen by a delegation from the US Congress. Its leader, Democratic Senator Chris Coons, described Mr Trump’s rhetoric as “not constructive”.

    The island’s representative to the US has said that the last time Greenlanders were asked if they wanted to be part of the US, in January 2025, only 6% were in favour of doing so, while 85% were against.

    A recent poll suggests that most Americans also oppose US control of Greenland. A Reuters/Ipsos poll, which was released last Wednesday, indicated just 17% of Americans support the US taking Greenland, compared to 47% who said they opposed Trump’s push to acquire the island.



    Source link