Vulnerabilities > CVE-2023-2627 - Unspecified vulnerability in Iqonic Kivicare

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

iqonic

NVD

Published: 2023-06-27

Updated: 2023-11-07

Summary

The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings

Vulnerable Configurations

Part	Description	Count
Application	Iqonic Iqonic Kivicare - Iqonic Kivicare 1.0.0 Iqonic Kivicare 1.1.0 Iqonic Kivicare 1.1.1 Iqonic Kivicare 1.2.0 Iqonic Kivicare 1.2.1 Iqonic Kivicare 1.2.2 Iqonic Kivicare 1.2.3 Iqonic Kivicare 1.2.4 Iqonic Kivicare 1.2.5 Iqonic Kivicare 1.2.6 Iqonic Kivicare 2.0.0 Iqonic Kivicare 2.0.1 Iqonic Kivicare 2.0.2 Iqonic Kivicare 2.0.3 Iqonic Kivicare 2.1.0 Iqonic Kivicare 2.1.2 Iqonic Kivicare 2.1.3 Iqonic Kivicare 2.1.4 Iqonic Kivicare 2.1.5 Iqonic Kivicare 2.1.6 Iqonic Kivicare 2.1.7 Iqonic Kivicare 2.1.8 Iqonic Kivicare 2.1.9 Iqonic Kivicare 2.2.0 Iqonic Kivicare 2.2.1 Iqonic Kivicare 2.2.2 Iqonic Kivicare 2.2.3 Iqonic Kivicare 2.2.4 Iqonic Kivicare 2.2.5 Iqonic Kivicare 2.2.6 Iqonic Kivicare 2.2.7 Iqonic Kivicare 2.2.8 Iqonic Kivicare 2.2.9 Iqonic Kivicare 2.3.0 Iqonic Kivicare 2.3.1 Iqonic Kivicare 2.3.2 Iqonic Kivicare 2.3.3 Iqonic Kivicare 2.3.4 Iqonic Kivicare 2.3.5 Iqonic Kivicare 2.3.6 Iqonic Kivicare 2.3.7 Iqonic Kivicare 2.3.8 Iqonic Kivicare 2.3.9 Iqonic Kivicare 2.4.0 Iqonic Kivicare 2.4.1 Iqonic Kivicare 2.4.2 Iqonic Kivicare 2.4.3 Iqonic Kivicare 2.4.4 Iqonic Kivicare 2.4.5 Iqonic Kivicare 2.4.6 Iqonic Kivicare 2.4.7 Iqonic Kivicare 2.4.8 Iqonic Kivicare 2.4.9 Iqonic Kivicare 2.5.0 Iqonic Kivicare 2.5.1 Iqonic Kivicare 2.5.2 Iqonic Kivicare 2.5.3 Iqonic Kivicare 2.5.4 Iqonic Kivicare 3.0.1 Iqonic Kivicare 3.0.2 Iqonic Kivicare 3.0.3 Iqonic Kivicare 3.0.4 Iqonic Kivicare 3.0.5 Iqonic Kivicare 3.0.6 Iqonic Kivicare 3.0.7 Iqonic Kivicare 3.0.8 Iqonic Kivicare 3.0.9 Iqonic Kivicare 3.1.0 Iqonic Kivicare 3.1.1 Iqonic Kivicare 3.2.0	71

References

https://wpscan.com/vulnerability/162d0029-2adc-4925-9985-1d5d672dbe75