The KiviCare WordPress plugin prior to 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
iqonic kivicare |