Every CVE whose affected-product data names Iqonic Kivicare, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2022-0786 — CVSS 9.8 (critical): The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the…
CVE-2023-2628 — CVSS 8.8 (high): The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which…
CVE-2024-11728 — CVSS 7.5 (high): The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the…
CVE-2024-11729 — CVSS 6.5 (medium): The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the…
CVE-2023-2623 — CVSS 6.5 (medium): The KiviCare WordPress plugin before 3.2.1 does not restrict the information returned in a response and returns all user data, allowing low…
CVE-2024-11730 — CVSS 6.5 (medium): The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of…
CVE-2025-1572 — CVSS 6.5 (medium): The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘u_id’ parameter…
CVE-2023-2624 — CVSS 6.1 (medium): The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a…
CVE-2023-2627 — CVSS 4.3 (medium): The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any…