WordPress is a set of blogging platform developed using the PHP language. A SQL injection vulnerability exists in versions of the WordPress plugin KiviCare prior to 2.3.9, which stems from the fact that the plugin does not use certain parameters in SQL statements via ajax_post AJAX operations with get_doctor_details routing before they are cleaned up and escaped. An attacker could exploit this vulnerability to allow an unauthenticated user to take advantage of SQL injection.