CVE-2024-50477
Published 2024-10-28
CVE-2024-50477: Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication…
Priority: P2 71 · Severity: critical · CVSS 3.1 base score: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploit: public exploit indexed (see the Exploit-DB and Nuclei entries below)
EPSS: 7.96% (94.0th percentile)
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allows Authentication Bypass. This issue affects Stacks Mobile App Builder: from n/a through <= 5.2.3.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| stacks | stacks_mobile_app_builder | <= 5.2.3 | — |
| stacksmarket | stacks_mobile_app_builder | <= 5.2.3 | — |
Detection & IOCs (extracted from sources)
Path: /wp-content/plugins/stacks-mobile-app-builder/readme.txt
- Detect exploitation attempts by monitoring HTTP requests containing both 'mobile_co=1' and 'uid=' query parameters, which are used to trigger the authentication bypass and impersonate arbitrary WordPress users.
- Presence of the plugin path /wp-content/plugins/stacks-mobile-app-builder/ on a target confirms the vulnerable software is installed; version confirmation via readme.txt is used in active scanning.
- Successful exploitation results in a 200 response to /wp-admin/index.php with a body containing 'Dashboard', 'Plugins', and 'Edit Profile'; use these strings as post-exploitation indicators in WAF/SIEM alerting.
- The bypass is triggered purely via unauthenticated GET query parameters (no credentials required), so no prior access or brute force is needed: any unauthenticated request with mobile_co=1&uid=<N> is sufficient to obtain a session cookie for user N.
- The uid parameter is arbitrary; attackers are not limited to uid=1 (admin). Any valid WordPress user ID can be targeted, enabling full account takeover across all user roles.
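The first two detection bullets above, turned into a log-scanning check. This is an added example, not code from any of the indexed sources: it parses Apache/Nginx combined-format access-log lines (the sample lines are constructed), flags any request carrying both mobile_co=1 and a uid parameter as a bypass attempt, and flags fetches of the plugin's readme.txt as version probing by scanners.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache/Nginx "combined" format: client, ident, user, [timestamp], "request line", status, size, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

# Plugin path from the IOC list above; a hit on its readme.txt is the version-fingerprint probe
PLUGIN_PATH = "/wp-content/plugins/stacks-mobile-app-builder/"


def classify_request(target):
    """Classify one request target (path + query).

    Returns (label, uid): label is 'bypass_attempt' when mobile_co=1 and a uid
    parameter appear together (the CVE-2024-50477 trigger), 'version_probe' for a
    readme.txt fetch under the plugin path, or None for anything else.
    """
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    if "1" in params.get("mobile_co", []) and "uid" in params:
        return "bypass_attempt", params["uid"][0]
    if parts.path.startswith(PLUGIN_PATH) and parts.path.endswith("readme.txt"):
        return "version_probe", None
    return None, None


def scan_access_log(lines):
    """Return (client_ip, label, uid, status) for every suspicious log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        label, uid = classify_request(m.group("target"))
        if label is not None:
            findings.append((m.group("ip"), label, uid, int(m.group("status"))))
    return findings


# Constructed sample traffic (not real logs): a probe, a bypass attempt, and two benign requests.
# The third line has mobile_co=1 but no uid, so it must NOT be flagged.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Oct/2024:10:00:01 +0000] "GET /wp-content/plugins/stacks-mobile-app-builder/readme.txt HTTP/1.1" 200 512 "-" "scanner"',
    '203.0.113.7 - - [25/Oct/2024:10:00:02 +0000] "GET /?mobile_co=1&uid=1 HTTP/1.1" 302 0 "-" "scanner"',
    '198.51.100.4 - - [25/Oct/2024:10:00:03 +0000] "GET /?p=42&mobile_co=1 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [25/Oct/2024:10:00:04 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 20000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

A 200 on /wp-admin/index.php from a client that was just flagged for a bypass attempt is the post-exploitation pattern the third bullet describes; correlate on client IP in the SIEM rather than trying to match the response body in the access log.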
No detection rules found.
Exploit-DB
Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
Source: exploitdb · 2025-07-08 · CVSS 9.8 · severity CRITICAL
---
# Exploit Title: Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
# Date: October 25, 2024
# Exploit Author: stealthcopter
# Vendor Homepage: https://stacksmarket.co/
# Software Link: https://wordpress.org/plugins/stacks-mobile-app-builder/
# Version: <= 5.2.3
# Tested on: Ubuntu 24.10/Docker
# CVE: CVE-2024-50477
# References:
# - https://github.com/stealthcopter/wordpress-hacking/blob/main/reports/stacks-mobile-app-builder-priv-esc/stacks-mobile-app-builder-priv-esc.md
# - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/stacks-mobile-app-builder/stacks-mobile-app-builder-523-authentication-bypass-via-account-takeover
1. Navigate to the target site and
Nuclei
WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass
Source: nuclei · CVSS 9.8 · severity CRITICAL
Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users.
Template:
id: CVE-2024-50477

info:
  name: WordPress Stacks Mobile App Builder <=5.2.3 - Authentication Bypass
  author: stealthcopter,vijay-sutar
  severity: critical
  description: |
    Stacks Mobile App Builder WordPress plugin ≤ 5.2.3 suffers from an authentication bypass vulnerability via improper handling of query parameters, allowing attackers to impersonate arbitrary users.
  impact: |
    Attackers can exploit vulnerabilities to compromise the system.
  remediation: |
    Update to the latest patched version addressing CVE-2024-50477.
  refe
No writeups or analysis indexed.
Published: 2024-10-28