Vulnerabilities > Iqonic > Kivicare > 3.5.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-02-28 | CVE-2025-1572 | SQL Injection vulnerability in Iqonic Kivicare. The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘u_id’ parameter in all versions up to, and including, 3.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 8.8 |
2024-12-06 | CVE-2024-11729 | SQL Injection vulnerability in Iqonic Kivicare. The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-12-06 | CVE-2024-11730 | SQL Injection vulnerability in Iqonic Kivicare. The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2024-12-06 | CVE-2024-11728 | Unspecified vulnerability in Iqonic Kivicare. The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.5 |
2024-06-08 | CVE-2024-35659 | Unspecified vulnerability in Iqonic Kivicare. Authorization Bypass Through User-Controlled Key vulnerability in KiviCare. This issue affects KiviCare: from n/a through 3.6.2. | 8.8 |