Lucene search
K

86 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-15073

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS0.00249EPSS
Exploits0References5
NVD
NVD
added 3 days ago6 views

CVE-2026-15072

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS0.00281EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-43127

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS6.1AI score0.00281EPSS
Exploits0References8
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-43121

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to generic SQL Injection via the 'orderby' parameter in all versions up to, and including, 4.5.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing...

6.5CVSS6.1AI score0.00249EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42864

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6.2AI score0.00342EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-11990

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated...

5.3CVSS6.2AI score0.00342EPSS
Exploits0References13
CVE
CVE
added 2026/06/15 8:18 p.m.13 views

CVE-2026-40792

The vulnerability concerns the WordPress KiviCare plugin (versions

6.3CVSS5.2AI score0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.41 views

CVE-2026-40792 WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability

Subscriber Insecure Direct Object References IDOR in KiviCare = 4.2.1 versions...

6.3CVSS0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.32 views

CVE-2026-42735 WordPress KiviCare plugin <= 4.3.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation.This issue affects KiviCare: from n/a through = 4.3.0...

8.2CVSS0.00255EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.26 views

CVE-2026-42735

The CVE concerns the WordPress KiviCare plugin by Iqonic Design (affected: KiviCare kivicare-clinic-management-system, plugin version

8.2CVSS5.8AI score0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

WordPress plugin KiviCare 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.2CVSS5.8AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.6 views

CVE-2026-2992

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...

8.2CVSS5.8AI score0.00248EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.11 views

CVE-2026-25383

CVE-2026-25383 affects the WordPress KiviCare plugin (Iqonic Design KiviCare kivicare-clinic-management-system) up to version 3.6.16. The vulnerability is a Reflected Cross-Site Scripting (XSS) caused by improper input neutralization during web page generation. CVSS 3.1 metrics indicate NETWORK a...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:14 p.m.2 views

CVE-2026-25383 WordPress KiviCare plugin <= 3.6.16 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Reflected XSS.This issue affects KiviCare: from n/a through = 3.6.16...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.26 views

CVE-2026-25383 WordPress KiviCare plugin <= 3.6.16 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Reflected XSS.This issue affects KiviCare: from n/a through = 3.6.16...

7.1CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.30 views

CVE-2026-25034 WordPress KiviCare plugin <= 3.6.16 - Broken Access Control vulnerability

Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through = 3.6.16...

6.5CVSS0.00188EPSS
Exploits0References1
CVE
CVE
added 2026/03/25 4:14 p.m.7 views

CVE-2026-25034

Summary: CVE-2026-25034 affects the WordPress plugin KiviCare kivicare-clinic-management-system (Iqonic Design) with a Broken Access Control vulnerability. Affected versions: n/a through 3.6.16. Root cause / detail: Missing/incorrectly configured authorization allows exploitation of access-contro...

6.5CVSS5.8AI score0.00188EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

WordPress plugin KiviCare 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

6.5CVSS5.8AI score0.00188EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/23 1:14 p.m.5 views

WordPress KiviCare plugin <= 3.6.16 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by johska in WordPress Plugin KiviCare versions = 3.6.16...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/03/23 1:0 p.m.7 views

WordPress KiviCare plugin <= 3.6.16 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Andrea Bocchetti in WordPress Plugin KiviCare versions = 3.6.16...

6.5CVSS5.8AI score0.00188EPSS
Exploits0Affected Software1
Rows per page
Query Builder