A critical privilege escalation vulnerability exists in the BeyondCart Connector plugin for WordPress, identified as CVE-2025-8570. This flaw, rated with a CVSS score of 9.8, allows an unauthenticated attacker to gain administrative privileges on an affected website by exploiting weaknesses in how the plugin manages authentication tokens. Successful exploitation could result in a complete compromise of the website, leading to data theft, site defacement, or further malicious activity.

The vulnerability is a privilege escalation flaw resulting from improper JSON Web Token (JWT) secret management and insufficient authorization checks. The plugin's determine_current_user filter fails to correctly validate user identity and permissions. An unauthenticated attacker can craft a malicious JWT to impersonate a high-privileged user, such as an administrator, and send it to the WordPress site. Due to the flawed validation, the plugin accepts the forged token, granting the attacker full administrative access to the website.

This vulnerability is of critical severity with a CVSS score of 9.8. A successful exploit would grant an attacker complete control over the affected WordPress site. The potential consequences include theft of sensitive customer data, financial information, and intellectual property; website defacement causing significant reputational damage; and the injection of malware to attack site visitors or use the server as a launch point for further attacks. These outcomes pose severe financial, operational, and legal risks to the organization.

Immediate Action: Immediately update the BeyondCart Connector plugin for WordPress to the latest version that addresses this vulnerability. After patching, it is crucial to review web server and application access logs for any signs of exploitation, such as the creation of unauthorized administrative accounts or unexpected changes to the site.

Proactive Monitoring: Implement continuous monitoring of web server logs for unusual or malformed requests targeting WordPress authentication endpoints, particularly those containing JWTs. Monitor for the creation of new user accounts with administrative privileges. A Web Application Firewall (WAF) should be configured to detect and block suspicious requests that align with JWT manipulation techniques.

Compensating Controls: If immediate patching is not feasible, the affected plugin should be disabled until it can be updated. As a temporary measure, configure a WAF with virtual patching rules to block requests attempting to exploit this specific vulnerability. Restrict access to the WordPress administrative dashboard to trusted IP addresses only.

Public Exploit Available: false

This vulnerability represents a critical risk to the organization and requires immediate attention. Due to the high CVSS score of 9.8, a successful exploit would lead to a complete compromise of the affected WordPress website. Although not currently listed on the CISA KEV catalog, immediate patching is the most effective mitigation and is strongly recommended to prevent future exploitation. All systems running the BeyondCart Connector plugin must be identified and updated without delay.