CVE-2025-8570
BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user FilterThe BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 2.1.0. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user’s identity.
We have discovered 1 live websites that are affected by CVE-2025-8570.
Affected Software
| Product |  Beyondcart |
| Category | Wordpress Plugins |
| Vulnerable Domains | 1 live websites (100% of Beyondcart install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-798 Use of Hard-coded CredentialsDetails
- Published - Sep 11, 2025
- Updated - Sep 11, 2025
Credits
- Kenneth Dunn (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-8570 Bulgaria | 1 websites |
Website Distribution by TLD
Number of websites using CVE-2025-8570| .com | 1 websites |
Websites affected by CVE-2025-8570
Top websites that are affected by CVE-2025-8570. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | Bulgaria | **,***,*** |
FAQ
CVE-2025-8570 is Use of Hard-coded Credentials in Beyondcart
A total of 1 websites have been identified as vulnerable to CVE-2025-8570, based on global website indexing conducted by WebTechSurvey.
The Beyondcart is affected by the CVE-2025-8570 vulnerability.
Beyondcart versions up to and including 2.1 are vulnerable to CVE-2025-8570.