Stacks Mobile App Builder 5.2.3 Authentication Bypass via Account Takeover

2025.07.28

Credit: stealthcopter

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2024-50477

CWE: N/A

# Exploit Title: Stacks Mobile App Builder 5.2.3 - Authentication Bypass via Account Takeover
# Date: October 25, 2024
# Exploit Author: stealthcopter
# Vendor Homepage: https://stacksmarket.co/
# Software Link: https://wordpress.org/plugins/stacks-mobile-app-builder/
# Version: <= 5.2.3
# Tested on: Ubuntu 24.10/Docker
# CVE: CVE-2024-50477
# References:
# - https://github.com/stealthcopter/wordpress-hacking/blob/main/reports/stacks-mobile-app-builder-priv-esc/stacks-mobile-app-builder-priv-esc.md
# - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/stacks-mobile-app-builder/stacks-mobile-app-builder-523-authentication-bypass-via-account-takeover


1. Navigate to the target site and append the following query parameters to the URL to impersonate the user with ID `1`:
`/?mobile_co=1&uid=1`
2. You will now receive an authentication cookie for the specified user ID (typically, user ID `1` is the site administrator).
3. Visit `/wp-admin` — you should have full access to the admin dashboard.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Stacks Mobile App Builder 5.2.3 Authentication Bypass via Account Takeover

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.