Vulmon
iqonic kivicare vulnerabilities and exploits
CVE-2022-0786 (CVSSv2: 7.5)
The KiviCare WordPress plugin prior to 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users
Iqonic Kivicare
CVE-2023-2623 (score: NA)
The KiviCare WordPress plugin prior to 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users
Iqonic Kivicare
CVE-2023-2624 (score: NA)
The KiviCare WordPress plugin prior to 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator
Iqonic Kivicare
CVE-2023-2627 (score: NA)
The KiviCare WordPress plugin prior to 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update pl...
Iqonic Kivicare
CVE-2023-2628 (score: NA)
The KiviCare WordPress plugin prior to 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow malicious users to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete ...
Iqonic Kivicare