PT-2026-24601 · Modulards · Modular Ds: Monitor

Dmitry Ignatyev · Published 2026-03-11 · Updated 2026-03-15 · CVE-2026-3903

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Modular DS: Monitor, update, and backup multiple websites plugin for WordPress versions prior to 2.5.2

Description

The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by a lack of nonce validation within the postConfirmOauth() function. An unauthenticated attacker could potentially disconnect the plugin’s OAuth/SSO connection by deceiving a site administrator into performing an action, such as clicking a malicious link.

Recommendations

Versions prior to 2.5.2 should be updated to address this issue. As a temporary workaround, consider restricting access to the postConfirmOauth() function to minimize the risk of exploitation.
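
The missing check described above, sketched for a generic WordPress admin action with the unprotected handler beside a hardened one. This is an added example, not Modular DS code: the action, option and function names are hypothetical, and it assumes it is loaded inside WordPress as part of a plugin.

```php
<?php
// Added illustration for a generic WordPress plugin; NOT Modular DS source code.
// The action name, option name and function names are hypothetical.

const EXAMPLE_ACTION = 'example_sso_disconnect';

// Render the admin link with a nonce bound to this action and the current user.
function example_sso_disconnect_url(): string {
    $url = admin_url('admin-post.php?action=' . EXAMPLE_ACTION);
    return wp_nonce_url($url, EXAMPLE_ACTION, '_wpnonce');
}

// BEFORE: any request carrying the admin's cookies changes state, so a link
// or auto-submitted form on a third-party page is enough to trigger it.
function example_sso_disconnect_vulnerable(): void {
    delete_option('example_sso_connection');
    wp_safe_redirect(admin_url());
    exit;
}

// AFTER: the capability check says who may do this; the nonce check proves the
// request was built by this site's own admin screen for this user.
function example_sso_disconnect_hardened(): void {
    if (!current_user_can('manage_options')) {
        wp_die('Forbidden', '', ['response' => 403]);
    }
    $nonce = isset($_REQUEST['_wpnonce'])
        ? sanitize_text_field(wp_unslash($_REQUEST['_wpnonce']))
        : '';
    // wp_verify_nonce() returns false on failure, 1 or 2 for a valid nonce.
    if (!wp_verify_nonce($nonce, EXAMPLE_ACTION)) {
        wp_die('Invalid or missing nonce', '', ['response' => 403]);
    }
    delete_option('example_sso_connection');
    wp_safe_redirect(admin_url());
    exit;
}

// Register only the hardened handler, and only for logged-in users
// (admin_post_{action}, not admin_post_nopriv_{action}).
add_action('admin_post_' . EXAMPLE_ACTION, 'example_sso_disconnect_hardened');
```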

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2026-3903

Affected Products

Modular Ds: Monitor