Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2023-2628
HistoryJun 27, 2023 - 1:17 p.m.

CVE-2023-2628 KiviCare Management System < 3.2.1 - Multiple CSRF

2023-06-2713:17:22
WPScan
www.cve.org
3
kivicare
csrf
wordpress
ajax
attackers
csrf checks
appointments
medical records
users
doctors

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

52.4%

JSON

The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update various users (patients, doctors etc)

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "KiviCare",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.2.1"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Related

prion 1
cve 1
wpexploit 1
wpvulndb 1
nvd 1
wordfence 1
prion
prion
Cross site request forgery (csrf)
2023-06-27 14:15:00
cve
cve
CVE-2023-2628
2023-06-27 14:15:11
wpexploit
wpexploit
KiviCare Management System < 3.2.1 - Multiple CSRF
2023-06-05 00:00:00
wpvulndb
wpvulndb
KiviCare Management System < 3.2.1 - Multiple CSRF
2023-06-05 00:00:00
nvd
nvd
CVE-2023-2628
2023-06-27 14:15:11
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 5, 2023 to June 11, 2023)
2023-06-15 13:04:14

AI Score

8.8

Confidence

High

EPSS

0.002

Percentile

52.4%

JSON
Related for CVELIST:CVE-2023-2628
prion1cve1wpexploit1wpvulndb1nvd1wordfence1