PT-2026-24601 · Modulards · Modular Ds: Monitor

Dmitry Ignatyev

Published

2026-03-11

Updated

2026-03-15

CVE-2026-3903

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Modular DS: Monitor, update, and backup multiple websites plugin for WordPress versions prior to 2.5.2

Description The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by a lack of nonce validation within the postConfirmOauth() function. An unauthenticated attacker could potentially disconnect the plugin’s OAuth/SSO connection by deceiving a site administrator into performing an action, such as clicking a malicious link.

Recommendations Versions prior to 2.5.2 should be updated to address this issue. As a temporary workaround, consider restricting access to the postConfirmOauth() function to minimize the risk of exploitation.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2026-3903

Affected Products

Modular Ds: Monitor

PT-2026-24601 · Modulards · Modular Ds: Monitor

CVE-2026-3903

Weakness Enumeration

Related Identifiers

Affected Products

References · 5