A note on the recent Modular DS security update
Today hasn’t been an easy day for us, and we want to talk openly about it.
This morning, we identified a critical security vulnerability affecting the Modular DS plugin (Modular Connector). As soon as we became aware of it, we stopped everything else and focused on understanding what had happened and how to fix it as quickly and safely as possible.
The issue has now been fully fixed. That said, we continue to actively monitor the situation, working on next steps and supporting users as needed.
What happened (high level)
Under specific conditions, this vulnerability could have allowed unauthenticated attackers to gain elevated access to affected WordPress sites.
As soon as the issue was reported, we worked closely with our partner Patchstack to analyze the situation and impact, develop a fix as quickly as possible, and take immediate steps to reduce risk across all sites.
No system is perfect, but we believe that how you respond in situations like this matters. And for us, transparency is a key part of that process.
Steps we have taken
- Less than two hours after the vulnerability was reported, we released a security update fixing the issue (version 2.5.2).
- We forced the update on all sites where the plugin was installed to reduce exposure as quickly as possible.
- We notified all our users directly with next steps and recommended actions to protect their sites. We also published a security advisory with more information and technical details about the vulnerability.
- We continue to investigate and monitor the situation, as well as respond to any questions that arise.
Next steps we’re already working on
We know situations like this create concern and uncertainty, and we’re genuinely sorry for that.
The issue itself has been resolved, but our work doesn’t stop there. Security is a core priority at Modular DS, and the platform remains secure. Our infrastructure is regularly audited, and we’re already working on investigating the root causes behind the incident and reviewing the measures needed to help ensure something like this doesn’t happen again.
As we complete this work, we’ll share more information with our users about the additional steps and improvements we’re putting in place.
On a personal note, I’d like to say thank you:
- To the first users who reached out quickly when they noticed something wasn’t right, and to Teemu Saarentaus for responsibly reporting and helping us address the vulnerability.
- To our partners at Patchstack for their help and communication throughout the process.
- To the Modular DS technical team, for their speed, focus, and commitment to resolving this as quickly as possible.
Thank you for trusting Modular DS. I want to assure you that we’re fully committed to working hard to prevent this from happening again.


