{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8570", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-04T21:48:02.607Z", "datePublished": "2025-09-11T07:24:59.419Z", "dateUpdated": "2026-04-08T17:24:57.326Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:24:57.326Z"}, "affected": [{"vendor": "beyondcart", "product": "BeyondCart Connector", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 3.0.1. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user\u2019s identity."}], "title": "BeyondCart Connector <= 3.0.1 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0dd4fc0-1c6a-4556-b219-893563a27a69?source=cve"}, {"url": "https://wordpress.org/plugins/beyondcart/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365845%40beyondcart&new=3365845%40beyondcart&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-798 Use of Hard-coded Credentials", "cweId": "CWE-798", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "timeline": [{"time": "2025-09-10T18:48:51.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-11T13:34:50.428583Z", "id": "CVE-2025-8570", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T14:37:55.743Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8570", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-11T13:34:50.428583Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T13:34:52.067Z"}}], "cna": {"title": "BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter", "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "beyondcart", "product": "BeyondCart Connector", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.1.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-10T18:48:51.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0dd4fc0-1c6a-4556-b219-893563a27a69?source=cve"}, {"url": "https://wordpress.org/plugins/beyondcart/#developers"}], "descriptions": [{"lang": "en", "value": "The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 2.1.0. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user\u2019s identity."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-09-11T07:24:59.419Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8570", "state": "PUBLISHED", "dateUpdated": "2025-09-11T14:37:55.743Z", "dateReserved": "2025-08-04T21:48:02.607Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-11T07:24:59.419Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 3.0.1. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user\u2019s identity."}], "id": "CVE-2025-8570", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-11T08:15:35.020", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3365845%40beyondcart&new=3365845%40beyondcart&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/beyondcart/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0dd4fc0-1c6a-4556-b219-893563a27a69?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T21:51:33.520178+00:00", "value": {"mitigation_remediation": ["Upgrade BeyondCart Connector to the latest released version (\u22653.0.2) that properly configures the JWT secret and includes authorization checks.", "If an immediate upgrade is not possible, temporarily disable the plugin or place the site into maintenance mode to prevent unauthorized access until a patch can be applied.", "As a workaround, configure your web server or a security plugin to block or reject HTTP requests that contain forged JWTs before they reach the determine_current_user filter, for example by adding a firewall or reverse proxy rule that validates JWT signatures.", "After implementing the fix or workaround, perform a test by sending a forged JWT to the determine_current_user endpoint and confirm that the request is denied or that the plugin no longer accepts unauthenticated tokens."], "summary": {"action": "Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "BeyondCart Connector for WordPress, versions 1.4.2 to 3.0.1 are affected. The issue exists in the plugin distributed through the WordPress plugin repository under the vendor beyondcart.", "description_and_impact": "The vulnerability stems from improper handling of the JWT secret and the absence of authorization checks in the determine_current_user filter within BeyondCart Connector versions 1.4.2 through 3.0.1. An unauthenticated attacker can forge a valid JSON Web Token and impersonate any existing user on a WordPress site, gaining full access to that user\u2019s privileges. This allows the attacker to read, modify, or delete data, and to perform administrative actions without authenticating, matching CWE\u2011798.", "risk_and_exploitability": "The CVSS score of 9.8 indicates critical severity, while the EPSS score of less than 1% suggests a very low exploitation probability at this time. The vulnerability is not listed in CISA\u2019s KEV catalog. Given that the flaw requires an unauthenticated attacker to craft a valid token, the likely attack vector involves sending a forged JWT in HTTP requests to endpoints that invoke the determine_current_user filter. No additional prerequisites beyond accessing the WordPress site are required."}}}}, "created": "2025-09-12T08:03:03.065451+00:00", "updated": "2026-04-20T22:00:11.191548+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}