WordPress Plugin Vulnerabilities

KiviCare Management System < 3.2.1 - Subscriber+ Unauthorised AJAX Calls

Description

The plugin does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings

Proof of Concept

Affects Plugins

Plugin icon
kivicare-clinic-management-system
Fixed in 3.2.1

References

CVE
CVE-2023-2627

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
8.8 (high)

Miscellaneous

Original Researcher
Erwan LR (WPScan)
Verified
Yes
WPVDB ID
162d0029-2adc-4925-9985-1d5d672dbe75

Timeline

Publicly Published
2023-06-05 (about 2 years ago)
Added
2023-06-05 (about 2 years ago)
Last Updated
2023-06-05 (about 2 years ago)

Other

Published
Title
Published
2023-09-13
Title
WooCommerce CVR Payment Gateway < 6.1.0 - Missing Authorization to Authenticated (Contributor+) CVR Update
Published
2025-01-24
Title
Avada < 7.11.11 - Missing Authorization
Published
2024-08-29
Title
Tutor LMS Pro < 2.7.3 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference
Published
2025-09-22
Title
CF7 Submissions <= 0.26 - Missing Authorization
Published
2025-05-19
Title
The Events Calendar < 6.12.0 - Subscriber+ Import Creation