CVE-2025-8570
BaseFortify
Publication date: 2025-09-11
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | wordpress | * |
| beyondcart | beyondcart_connector | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The BeyondCart Connector plugin for WordPress has a vulnerability that allows privilege escalation. This happens because the plugin improperly manages the JWT secret and authorization in the determine_current_user filter. As a result, unauthenticated attackers can create valid tokens and impersonate any user on the site.
How can this vulnerability impact me? :
This vulnerability can have a severe impact as attackers can gain unauthorized access by assuming any user's identity without authentication. This can lead to full compromise of the WordPress site, including data theft, unauthorized actions, and complete loss of control over the site.
What immediate steps should I take to mitigate this vulnerability?
Immediate steps include disabling or uninstalling the BeyondCart Connector plugin if it is installed, especially versions 1.4.2 through 2.1.0, since the plugin has been temporarily closed pending a full review. Additionally, ensure that your WordPress installation and plugins are updated once a secure version of BeyondCart Connector is released. Monitor official channels for updates and avoid using the plugin until a fix is available. [1]