BeyondCart Connector Privilege Escalation Vulnerability

Vulnerability

A privilege escalation vulnerability has been identified in the BeyondCart Connector plugin for WordPress, affecting versions 1.4.2 through 2.1.0. The vulnerability arises from improper management of JSON Web Token (JWT) secrets and authorization within the determine_current_user filter. This flaw allows unauthenticated attackers to create valid tokens and impersonate any user.

Impact

Exploitation of this vulnerability allows unauthorized users to assume the identities of other users, potentially leading to unauthorized actions or access within the application.

Remediation

No known patch is available. Users are advised to review the vulnerability details and consider uninstalling the affected plugin.
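
To support the review step above, here is an added example (not part of the advisory or the plugin's code): a Python check that reads WordPress plugin headers under wp-content/plugins and reports installs in the affected range 1.4.2 through 2.1.0. Matching on "beyondcart" in the Plugin Name header and the sample header are assumptions, since the advisory does not give the plugin's slug or file names.

```python
import re
import sys
from pathlib import Path

# Affected range stated in the advisory (inclusive on both ends).
AFFECTED_MIN, AFFECTED_MAX = (1, 4, 2), (2, 1, 0)
# Assumption: the plugin's "Plugin Name" header contains this string.
NAME_MARKER = "beyondcart"
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)
# Constructed sample header, for illustration only.
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: BeyondCart Connector\n * Version: 1.10.0\n */\n"

def parse_version(text):
    """Turn '1.10.0' into (1, 10, 0) so comparison is numeric, not lexical."""
    parts = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(parts + [0] * (3 - len(parts)))

def is_affected(version):
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

def read_plugin_header(php_source):
    """Return (name, version) from a WordPress plugin file header, or None."""
    fields = {}
    for key, value in HEADER_RE.findall(php_source[:8192]):
        fields.setdefault(key.lower(), value)  # keep the first occurrence
    if "plugin name" in fields and "version" in fields:
        return fields["plugin name"], fields["version"]
    return None

def scan_plugins(plugins_dir):
    """List (path, version) for affected installs under a plugins directory."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_plugin_header(php.read_text(errors="replace"))
        if header and NAME_MARKER in header[0].lower() and is_affected(header[1]):
            findings.append((str(php), header[1]))
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    print("sample header parses as:", read_plugin_header(SAMPLE_HEADER))
    for path, version in scan_plugins(root):
        print(f"AFFECTED {version} {path}")
```

Versions with a fourth component above 2.1.0 (for example 2.1.0.1) are treated as outside the range; pre-release suffixes such as "-beta" are ignored and the base version is compared.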

Added: Sep 11, 2025, 9:06 AM
Updated: Sep 11, 2025, 9:06 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 7.4
remediation: 0.0
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.