{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T15:06:38.952","vulnerabilities":[{"cve":{"id":"CVE-2025-31618","sourceIdentifier":"audit@patchstack.com","published":"2025-03-31T13:15:56.137","lastModified":"2026-04-23T15:28:05.243","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through <= 1.0.10."},{"lang":"es","value":"La vulnerabilidad de falta de autorización en Jaap Jansma Connector to CiviCRM with CiviMcRestFace permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al conector para CiviCRM con CiviMcRestFace desde n/d hasta la versión 1.0.9."}],"metrics":{"cvssMetricV31":[{"source":"audit@patchstack.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"audit@patchstack.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://patchstack.com/database/Wordpress/Plugin/connector-civicrm-mcrestface/vulnerability/wordpress-connector-to-civicrm-with-civimcrestface-plugin-1-0-9-broken-access-control-vulnerability?_s_id=cve","source":"audit@patchstack.com"}]}}]}