CVE-2025-31000

{"id": "CVE-2025-31000", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2025-06-06T13:15:39.363", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/payment-qr-woo/vulnerability/wordpress-payment-qr-woocommerce-1-1-6-broken-access-control-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Miguel Fuentes Payment QR WooCommerce payment-qr-woo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Payment QR WooCommerce: from n/a through <= 1.1.6."}, {"lang": "es", "value": "La vulnerabilidad de falta de autorizaci\u00f3n en Miguel Fuentes Payment QR WooCommerce permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al c\u00f3digo QR de pago de WooCommerce desde la versi\u00f3n n/d hasta la 1.1.6."}], "lastModified": "2026-04-23T15:27:30.570", "sourceIdentifier": "audit@patchstack.com"}