5 matches found
CVE-2023-2627
creationtimestamp| type| source ---|---|--- 2023-06-27 18:12:06+00:00| seen| https://t.me/cibsecurity/65574...
CVE-2023-2627
The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings...
CVE-2023-2627 KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls
The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings...
CVE-2023-2627
CVE-2023-2627 affects the KiviCare WordPress plugin prior to version 3.2.1, which lacked CSRF and authorization checks in several AJAX actions. This allows any authenticated user (e.g., Subscriber) to call these actions and potentially add arbitrary Clinic Admin/Doctors or modify plugin settings....
WordPress KiviCare Plugin < 3.2.1 is vulnerable to Broken Access Control
Software KiviCare Type Plugin Vulnerable versions 3.2.1 Fixed in 3.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2627 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 5c0ff19791d9 Credits Erwan LR WPScan Required privileg...