CVE-2025-31618

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-31618
Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through <= 1.0.10.
CVSS

No CVSS.

References
Link Resource
https://patchstack.com/database/Wordpress/Plugin/connector-civicrm-mcrestface/vulnerability/wordpress-connector-to-civicrm-with-civimcrestface-plugin-1-0-9-broken-access-control-vulnerability?_s_id=cve
Configurations

No configuration.

History

01 Apr 2026, 17:21

Type Values Removed Values Added
References
  • {'url': 'https://patchstack.com/database/wordpress/plugin/connector-civicrm-mcrestface/vulnerability/wordpress-connector-to-civicrm-with-civimcrestface-plugin-1-0-9-broken-access-control-vulnerability?_s_id=cve', 'source': 'audit@patchstack.com'}
  • () https://patchstack.com/database/Wordpress/Plugin/connector-civicrm-mcrestface/vulnerability/wordpress-connector-to-civicrm-with-civimcrestface-plugin-1-0-9-broken-access-control-vulnerability?_s_id=cve -
CVSS v2 : unknown
v3 : 5.3 		v2 : unknown
v3 : unknown
Summary
  • (es) La vulnerabilidad de falta de autorización en Jaap Jansma Connector to CiviCRM with CiviMcRestFace permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al conector para CiviCRM con CiviMcRestFace desde n/d hasta la versión 1.0.9.
Summary (en) Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through 1.0.9. (en) Missing Authorization vulnerability in Jaap Jansma Connector to CiviCRM with CiviMcRestFace connector-civicrm-mcrestface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Connector to CiviCRM with CiviMcRestFace: from n/a through <= 1.0.10.

31 Mar 2025, 13:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-31 13:15

Updated : 2026-04-01 17:21

NVD link : CVE-2025-31618

Mitre link : CVE-2025-31618

CVE.ORG link : CVE-2025-31618

JSON object : View

Products Affected

No product.

CWE
CWE-862

Missing Authorization