
80 matches found

Cvelist
added 2026/06/15 8:18 p.m. | 31 views

CVE-2026-40792 WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References (IDOR) in KiviCare <= 4.2.1 versions...

CVSS 6.3 | EPSS 0.00249
Exploits 0 | References 1

CVE
added 2026/06/15 8:18 p.m. | 7 views

CVE-2026-40792

The vulnerability concerns the WordPress KiviCare plugin (versions

CVSS 6.3 | AI score 5.2 | EPSS 0.00249
Exploits 0 | References 1

Cvelist
added 2026/05/27 9:49 a.m. | 28 views

CVE-2026-42735 WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation. This issue affects KiviCare: from n/a through <= 4.3.0...

CVSS 8.2 | EPSS 0.00255
Exploits 0 | References 1

CVE
added 2026/05/27 9:49 a.m. | 17 views

CVE-2026-42735

The CVE concerns the WordPress KiviCare plugin by Iqonic Design (affected: KiviCare kivicare-clinic-management-system, plugin version

CVSS 8.2 | AI score 5.8 | EPSS 0.00255
Exploits 0 | References 1

CNNVD
added 2026/05/27 12:00 a.m. | 6 views

WordPress plugin KiviCare security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 8.2 | AI score 5.8 | EPSS 0.00255
Exploits 0 | References 1

RedhatCVE
added 2026/03/26 2:59 p.m. | 3 views

CVE-2026-2992

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...

CVSS 8.2 | AI score 5.8 | EPSS 0.00248
Exploits 0 | References 1

CVE
added 2026/03/25 4:14 p.m. | 7 views

CVE-2026-25383

CVE-2026-25383 affects the WordPress KiviCare plugin (Iqonic Design KiviCare kivicare-clinic-management-system) up to version 3.6.16. The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. CVSS 3.1 metrics indicate NETWORK a...

CVSS 7.1 | AI score 5.8 | EPSS 0.00175
Exploits 0 | References 1

Cvelist
added 2026/03/25 4:14 p.m. | 23 views

CVE-2026-25383 WordPress KiviCare plugin <= 3.6.16 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Reflected XSS. This issue affects KiviCare: from n/a through <= 3.6.16...

CVSS 7.1 | EPSS 0.00175
Exploits 0 | References 1

Vulnrichment
added 2026/03/25 4:14 p.m. | 1 view

CVE-2026-25383 WordPress KiviCare plugin <= 3.6.16 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Reflected XSS. This issue affects KiviCare: from n/a through <= 3.6.16...

CVSS 7.1 | AI score 5.8 | EPSS 0.00175
Exploits 0 | References 1

CVE
added 2026/03/25 4:14 p.m. | 5 views

CVE-2026-25034

Summary: CVE-2026-25034 affects the WordPress plugin KiviCare kivicare-clinic-management-system (Iqonic Design) with a Broken Access Control vulnerability. Affected versions: n/a through 3.6.16. Root cause / detail: Missing/incorrectly configured authorization allows exploitation of access-contro...

CVSS 6.5 | AI score 5.8 | EPSS 0.00188
Exploits 0 | References 1

Cvelist
added 2026/03/25 4:14 p.m. | 26 views

CVE-2026-25034 WordPress KiviCare plugin <= 3.6.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KiviCare: from n/a through <= 3.6.16...

CVSS 6.5 | EPSS 0.00188
Exploits 0 | References 1

CNNVD
added 2026/03/25 12:00 a.m. | 4 views

WordPress plugin KiviCare security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.5 | AI score 5.8 | EPSS 0.00188
Exploits 0 | References 1

Patchstack
added 2026/03/23 1:14 p.m. | 3 views

WordPress KiviCare plugin <= 3.6.16 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting (XSS) vulnerability discovered by johska in WordPress Plugin KiviCare versions <= 3.6.16...

CVSS 7.1 | AI score 5.8 | EPSS 0.00175
Exploits 0 | Affected Software 1

Patchstack
added 2026/03/23 1:00 p.m. | 5 views

WordPress KiviCare plugin <= 3.6.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Andrea Bocchetti in WordPress Plugin KiviCare versions <= 3.6.16...

CVSS 6.5 | AI score 5.8 | EPSS 0.00188
Exploits 0 | Affected Software 1

Patchstack
added 2026/03/20 10:22 a.m. | 4 views

WordPress KiviCare - Clinic & Patient Management System (EHR) plugin <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token vulnerability

WordPress KiviCare - Clinic & Patient Management System (EHR) plugin <= 4.1.2 - Unauthenticated Authentication Bypass via Social Login Token vulnerability discovered by Gibran Abdillah in WordPress Plugin KiviCare versions <= 4.1.2...

CVSS 9.8 | AI score 5.8 | EPSS 0.00434
Exploits 1 | References 1 | Affected Software 1

Patchstack
added 2026/03/20 10:21 a.m. | 5 views

WordPress KiviCare plugin <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard vulnerability

Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard vulnerability discovered by WordFence in WordPress Plugin KiviCare versions <= 4.1.2...

CVSS 8.2 | AI score 5.8 | EPSS 0.00248
Exploits 0 | References 1 | Affected Software 1

GithubExploit
added 2026/03/18 7:09 p.m. | 196 views

Exploit for CVE-2026-2991

KiviCare 📜 Description CVE-2026-2...

CVSS 9.8 | AI score 5.9 | EPSS 0.00434
Exploits 1

EUVD
added 2026/03/18 6:31 p.m. | 4 views

EUVD-2026-12839

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...

CVSS 8.2 | AI score 5.8 | EPSS 0.00248
Exploits 0 | References 5

EUVD
added 2026/03/18 6:31 p.m. | 5 views

EUVD-2026-12838

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the patientSocialLogin function not verifying the social provider access token before authenticating a user. This makes it...

CVSS 9.8 | AI score 5.9 | EPSS 0.00434
Exploits 1 | References 5

NVD
added 2026/03/18 4:16 p.m. | 4 views

CVE-2026-2992

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...

CVSS 8.2 | EPSS 0.00248
Exploits 0 | References 4