Description
The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 3.0.1. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user’s identity.
Published: 2025-09-11
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch
AI Analysis

Impact

The vulnerability stems from the plugin accepting JSON Web Tokens even when its signing secret has not been properly configured, combined with the absence of authorization checks in the determine_current_user filter, in BeyondCart Connector versions 1.4.2 through 3.0.1. Because the secret is not a per-site value the attacker lacks, an unauthenticated attacker can mint a token whose signature the plugin accepts and set the user identifier claim to any existing account, including an administrator. The filter then resolves the request to that user, so the attacker reads, modifies, or deletes data and performs administrative actions without ever authenticating. The recorded weakness is CWE-798 (Use of Hard-coded Credentials).

Affected Systems

Versions 1.4.2 through 3.0.1 of BeyondCart Connector for WordPress are affected. The plugin is distributed through the WordPress plugin repository by the vendor beyondcart.

Risk and Exploitability

The CVSS 3.1 score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) is critical, while the EPSS score below 1% indicates a low observed exploitation probability at present, and the CVE is not listed in CISA's KEV catalog. The SSVC assessment nevertheless marks it Automatable with total technical impact, and exploitation needs nothing beyond network access to the site: the attacker mints a JWT naming the target user ID, signs it with the missing or predictable secret, and presents it in HTTP requests that WordPress authenticates through the determine_current_user filter, such as REST API calls. No credentials, user interaction, or prior foothold are required.
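The following is an added example written for this page, not code from the BeyondCart Connector plugin or from OpenCVE. It models in Python what the Impact and Risk sections describe: a determine_current_user-style hook that validates HS256 tokens against whatever secret is configured, falling back to an empty secret when none is set (the empty-string fallback is an assumption used for illustration; the plugin's real default is not documented on this page), beside a hardened version that refuses token authentication until a strong secret exists, pins the algorithm, and requires an expiry. Function names, claim names and the sample secret are all constructed for the example. Both hooks follow the shape of the WordPress filter: they receive the current user ID (0 for anonymous) and return the ID to use.

```python
"""Added example: forging a JWT when the signing secret is unconfigured, and a
fail-closed verifier. Not the plugin's code; names and values are assumptions."""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed fallback used by the flawed pattern when an admin never set a secret.
UNCONFIGURED_SECRET = ""
MIN_SECRET_LEN = 32


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_hs256(claims: dict, secret: str) -> str:
    """Build an HS256 JWT. With secret == "" anyone on the network can do this."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def vulnerable_determine_current_user(current_user: int, token: str,
                                      configured_secret: Optional[str]) -> int:
    """Flawed pattern: verifies against the configured secret, or the empty
    fallback if none is set, then trusts the user_id claim as-is."""
    secret = configured_secret or UNCONFIGURED_SECRET
    parts = token.split(".")
    if len(parts) != 3:
        return current_user
    h, p, s = parts
    expected = hmac.new(secret.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return current_user
    return json.loads(_b64url_decode(p)).get("user_id", current_user)


def hardened_determine_current_user(current_user: int, token: str,
                                    configured_secret: Optional[str],
                                    now: Optional[float] = None) -> int:
    """Fail closed: no strong secret means token auth is simply off; the hook
    returns the incoming user unchanged. Algorithm is pinned, exp is mandatory,
    the signature check is constant-time, and user_id must be an integer."""
    if not configured_secret or len(configured_secret) < MIN_SECRET_LEN:
        return current_user
    parts = token.split(".")
    if len(parts) != 3:
        return current_user
    h, p, s = parts
    try:
        header = json.loads(_b64url_decode(h))
        claims = json.loads(_b64url_decode(p))
    except (ValueError, UnicodeDecodeError):
        return current_user
    if header.get("alg") != "HS256":  # rejects "none" and algorithm confusion
        return current_user
    expected = hmac.new(configured_secret.encode(), f"{h}.{p}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return current_user
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return current_user
    uid = claims.get("user_id")
    return uid if isinstance(uid, int) else current_user


if __name__ == "__main__":
    forged = mint_hs256({"user_id": 1}, "")  # attacker needs no secret at all
    print("vulnerable hook resolves forged token to user",
          vulnerable_determine_current_user(0, forged, None))
    print("hardened hook with no secret configured stays at user",
          hardened_determine_current_user(0, forged, None))
```

The vulnerable hook turns an anonymous request into user 1 because an empty key is still a valid HMAC key; the hardened hook never reaches signature verification until an operator has deliberately set a secret of adequate length, which is the property the upgrade should restore.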

Generated by OpenCVE AI on April 20, 2026 at 21:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade BeyondCart Connector to a release newer than 3.0.1, the last version listed as affected, and confirm after upgrading that a JWT signing secret is actually configured in the plugin settings rather than left at its default.
  • If an immediate upgrade is not possible, deactivate the plugin until a fixed version can be installed; deactivation removes its determine_current_user hook. Maintenance-mode plugins that only replace the front-end page do not reliably block REST API requests and are not a substitute.
  • A web server or WAF rule cannot distinguish a forged token from a legitimate one here, because the forged token carries a valid signature under the missing or predictable secret. If the plugin must stay active, restrict the requests that carry its tokens to the source addresses of the BeyondCart application and backends you actually use, and block the rest at the reverse proxy; treat this as exposure reduction, not a fix.
  • After the fix or workaround is in place, verify it: mint a token for an administrator user ID signed with the previously accepted secret (or an empty one), send it in a request that WordPress authenticates through determine_current_user, for example a REST API call that returns the current user, and confirm the response is that of an unauthenticated request rather than the impersonated account.


Tracking


Advisories
Source: EUVD
ID: EUVD-2025-27645
Title: The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 2.1.0. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user’s identity.
History

Wed, 08 Apr 2026 18:30:00 +0000

Type: Description
  Removed: The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 2.1.0. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user’s identity.
  Added: The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 3.0.1. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user’s identity.
Type: Title
  Removed: BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter
  Added: BeyondCart Connector <= 3.0.1 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter
References

Fri, 12 Sep 2025 08:15:00 +0000

Type: First Time appeared
  Added: Wordpress; Wordpress wordpress
Type: Vendors & Products
  Added: Wordpress; Wordpress wordpress

Thu, 11 Sep 2025 15:15:00 +0000

Type: Metrics
  Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 11 Sep 2025 07:30:00 +0000

Type: Description
  Added: The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 2.1.0. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user’s identity.
Type: Title
  Added: BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter
Type: Weaknesses
  Added: CWE-798
Type: References
Type: Metrics
  Added: cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:24:57.326Z

Reserved: 2025-08-04T21:48:02.607Z

Link: CVE-2025-8570

Vulnrichment

Updated: 2025-09-11T13:34:52.067Z

NVD

Status : Deferred

Published: 2025-09-11T08:15:35.020

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-8570

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T22:00:11Z

Weaknesses