CVE-2026-23550
CRITICAL EXPLOITED NUCLEI
Modular DS <= 2.5.1 - Incorrect Privilege Assignment
Title source: llm
Exploitation Summary
CVE-2026-23550 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 8 public exploits from researchers including XiaomingX, dzmind2312, O99099O. A Nuclei detection template is also available.
AI-analyzed exploit summary: This PoC exploits a vulnerability in the Modular DS WordPress plugin, performing privilege escalation via admin-ajax.php and uploading a PHP shell and verification marker. It includes multi-threading for mass exploitation and logging of vulnerable targets.
Description
Incorrect Privilege Assignment vulnerability in Modular DS Modular DS modular-connector allows Privilege Escalation. This issue affects Modular DS: from n/a through <= 2.5.1.
Exploits (8)
This PoC exploits a vulnerability in the Modular DS WordPress plugin, performing privilege escalation via admin-ajax.php and uploading a PHP shell and verification marker. It includes multi-threading for mass exploitation and logging of vulnerable targets.
This is a multi-threaded Python scanner for CVE-2026-23550, which exploits an unauthenticated admin bypass vulnerability in the WordPress Modular DS plugin. It verifies admin access by checking for WordPress admin cookies and dashboard access.
This PoC exploits a privilege escalation vulnerability in a WordPress plugin (Modular DS) to upload a PHP shell and a verification marker. It uses a multi-threaded approach to target multiple URLs.
This PoC demonstrates an unauthenticated admin access vulnerability in the Modular DS WordPress plugin (CVE-2026-23550) by exploiting a flawed REST API endpoint that bypasses authentication when the 'origin=mo' parameter is used.
This repository contains a non-exploitative scanner for detecting CVE-2026-23550 in the WordPress Modular DS plugin by checking the plugin's version via readme.txt. It is a legitimate security tool for vulnerability detection.
The repository contains a functional Bash script that exploits an authentication bypass vulnerability in the Modular Connector WordPress plugin (≤ 2.5.1) by sending a crafted POST request with `{"origin":"mo"}` to obtain an admin session cookie.
The repository contains a functional bash script that exploits CVE-2026-23550, targeting a vulnerability in Modular DS (version <= 2.5.1). The script automates the creation of a backdoor admin user and sends crafted HTTP requests to achieve remote code execution (RCE).
This repository contains an advanced obfuscation tool (EpSiLoNPoInTFuCK) designed to evade detection for exploits targeting CVE-2026-0920. It includes multi-layered obfuscation techniques such as XOR encryption, homoglyph substitution, and dead code injection.
Nuclei Templates (1)
body="/plugins/modular-connector/"
References (4)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H