Lucene search
K

5 matches found

Circl
Circl
added 2023/06/27 6:12 p.m.7 views

CVE-2023-2627

creationtimestamp| type| source ---|---|--- 2023-06-27 18:12:06+00:00| seen| https://t.me/cibsecurity/65574...

4.3CVSS6.2AI score0.00247EPSS
Exploits2References1
NVD
NVD
added 2023/06/27 2:15 p.m.54 views

CVE-2023-2627

The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings...

4.3CVSS4.7AI score0.00247EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/06/27 1:17 p.m.20 views

CVE-2023-2627 KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls

The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings...

6.7AI score0.00247EPSS
Exploits2References1
CVE
CVE
added 2023/06/27 1:17 p.m.47 views

CVE-2023-2627

CVE-2023-2627 affects the KiviCare WordPress plugin prior to version 3.2.1, which lacked CSRF and authorization checks in several AJAX actions. This allows any authenticated user (e.g., Subscriber) to call these actions and potentially add arbitrary Clinic Admin/Doctors or modify plugin settings....

4.3CVSS4.5AI score0.00247EPSS
Exploits2References1Affected Software1
Patchstack
Patchstack
added 2023/06/22 12:0 a.m.14 views

WordPress KiviCare Plugin < 3.2.1 is vulnerable to Broken Access Control

Software KiviCare Type Plugin Vulnerable versions 3.2.1 Fixed in 3.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2627 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 5c0ff19791d9 Credits Erwan LR WPScan Required privileg...

4.3CVSS6.4AI score0.00247EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder