Exploit for CVE-2026-23550

Name: Exploit for CVE-2026-23550
Rating: 5 (10 reviews)
2026-06-11 | CVSS 9.8
## https://sploitus.com/exploit?id=9DB3988A-A1AC-5A76-BAFF-A614766C18D9
🧨 CVE-2026-23550 – Modular Connector Admin Bypass

  Unauthenticated WordPress Admin Login via origin=mo Parameter
  Modular Connector Plugin ≤ 2.5.1


---

## 📖 Description

The **Modular Connector** plugin for WordPress (versions **≤ 2.5.1**) contains a critical authentication bypass vulnerability. An unauthenticated attacker can send a crafted POST request to the REST API endpoint `/api/modular-connector/login` with the JSON parameter `{"origin":"mo"}`. This triggers the plugin to issue a valid WordPress admin session cookie, granting full administrative access to the site.

> **CVSS Score:** 9.8 (Critical)  
> **CWE:** CWE-287 (Improper Authentication)  
> **Attack Vector:** Network | **Complexity:** Low | **Privileges:** None

---

## ⚡ Affected Versions

| Plugin                        | Vulnerable Versions |
| :---------------------------- | :------------------ |
| Modular Connector (by ModularWP) | ≤ 2.5.1          |

> **Note:** This vulnerability has been assigned **CVE-2026-23550**. No official patch has been released as of the disclosure date.

---

## 🔬 Proof of Concept (PoC)

### 🐧 Bash Exploit

```bash
chmod +x CVE-2026-23550.sh
./exploit.sh http://target.com