Vulmon
iqonic kivicare vulnerabilities and exploits
NA
CVE-2023-2623
The KiviCare WordPress plugin prior to 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low privilege users such as subscriber to retrieve sensitive information such as the user email and hashed password of other users
Iqonic Kivicare
NA
CVE-2023-2624
The KiviCare WordPress plugin prior to 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator
Iqonic Kivicare
NA
CVE-2023-2627
The KiviCare WordPress plugin prior to 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update pl...
Iqonic Kivicare
NA
CVE-2023-2628
The KiviCare WordPress plugin prior to 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow malicious users to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete ...
Iqonic Kivicare
7.5 (CVSSv2)
CVE-2022-0786
The KiviCare WordPress plugin prior to 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users
Iqonic Kivicare