The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2 through 3.0.1. This makes it possible for unauthenticated attackers to craft valid tokens and assume any user’s identity.
Published: 2025-09-11
CVSS: 9.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Download Exploit for CVE-2025-8570 here:
Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.
https://augustaverburg.nl/exploit-406-cve-2025-24085/
https://augustaverburg.nl/exploit-540-cve-2025-46785/
https://augustaverburg.nl/exploit-388-cve-2022-32893/
https://augustaverburg.nl/exploit-445-cve-2025-1146/