Authentication Bypass Through Alternate Path or Channel Vulnerability
CVE-2024-50477

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: Stacks Mobile App Builder
Vendor: CVE Published:; 28 October 2024

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 30%

Summary

The vulnerability allows for an authentication bypass through an alternate path or channel in the Stacks Mobile App Builder. This flaw can lead to unauthorized access, compromising user accounts and sensitive information. The affected versions range from the earliest release to version 5.2.3, necessitating immediate attention from developers and users alike to ensure secure applications.

Affected Version(s)

Stacks Mobile App Builder <= 5.2.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-50477
Created by RandomRobbieBF

References

https://patchstack.com/database/vulnerability/stacks-mobi...

vdb-entry

EPSS Score

30% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Nov 9, 2024
👾
Exploit known to exist
Nov 9, 2024
Vulnerability published
Oct 28, 2024
Vulnerability Reserved
Oct 24, 2024

Credit

stealthcopter (Patchstack Alliance)