
Stacks Mobile App Builder 5.2.3 – Authentication Bypass via Account Takeover
# Exploit Title: Stacks Mobile App Builder 5.2.3 – Authentication Bypass via Account Takeover # Date: October 25, 2024 # Exploit Author: stealthcopter # Vendor Homepage: https://stacksmarket.co/ # Software Link: https://wordpress.org/plugins/stacks-mobile-app-builder/ # Version: <= 5.2.3 # Tested on: Ubuntu 24.10/Docker # CVE: CVE-2024-50477 # References: # – https://github.com/stealthcopter/wordpress-hacking/blob/main/reports/stacks-mobile-app-builder-priv-esc/stacks-mobile-app-builder-priv-esc.md # – https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/stacks-mobile-app-builder/stacks-mobile-app-builder-523-authentication-bypass-via-account-takeover 1. Navigate…