2 matches found
CVE-2023-2628
The CVE-2023-2628 entry concerns the KiviCare WordPress plugin (before 3.2.1) lacking CSRF checks in multiple AJAX actions. The vulnerability enables CSRF exploitation to cause logged-in users to perform unintended actions, such as deleting appointments/medical records or creating/updating user a...
WordPress KiviCare Plugin < 3.2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software KiviCare Type Plugin Vulnerable versions 3.2.1 Fixed in 3.2.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2628 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID fa7e7a55c31e Credits Erwan LR WPScan Required...