CVE-2025-8570 BeyondCart Connector <= 2.1.0 – Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation 🚨 BeyondCart Connector <= 2.1.0 – JWT Privilege Escalation (CVE-2025-8570) 🛡️ Vulnerability Overview The BeyondCart Connector plugin for WordPress, in versions 1.4.2 through 2.1.0, is vulnerable to Privilege Escalation due to improper JWT secret management and faulty authorization mechanisms within the determine_current_user filter. This vulnerability allows unauthenticated attackers to craft valid JSON Web Tokens (JWT) and impersonate any user, including administrators, potentially leading to a full site compromise. CVE: CVE-2025-8570 CVSS Score: 9.8 (Critical) Public Disclosure: September 10, 2025 ⚙️ Script Purpose This repository provides an automated exploit script that leverages the misconfigured JWT secret to escalate privileges and update administrative user data on vulnerable WordPress installations using the BeyondCart Connector plugin. 🚀 Usage Instructions Prerequisites: Python 3.x Required Python libraries: requests, pyjwt Target site must be running BeyondCart Connector plugin version 1.4.2 to 2.1.0 How to Use: Run the script with the required arguments from your terminal. 📝 Arguments & Parameters –url (required): Target WordPress site URL (e.g., https://target.site) –email: New email for the admin user (default: [email protected]) –first_name: New first name for the admin user (default: Nxploited) –last_name:…Read More