cleantalk
Vulnerabilities and Security Researches

KiviCare – Clinic & Patient Management System (EHR), CVE-2023-2628

CVE, Research URL

CVE-2023-2628

Home page URL

Security reports for KiviCare – Clinic & Patient Management System (EHR)

Application

KiviCare – Clinic & Patient Management System (EHR)

Published on
Jun 27, 2023
Research Description
The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: Delete arbitrary appointments/medical records/etc, create/update various users (patients, doctors etc)
Affected versions
max 3.2.1.
Status
vulnerable
Previous vulnerability researches
KiviCare – Clinic & Patient Management System (EHR) (CVE-2024-11728) , Dec 06, 2024
KiviCare – Clinic & Patient Management System (EHR) (CVE-2024-11730) , Dec 06, 2024
KiviCare – Clinic & Patient Management System (EHR) (CVE-2025-66095) , Dec 11, 2025
KiviCare – Clinic & Patient Management System (EHR) (CVE-2024-11729) , Dec 06, 2024
KiviCare – Clinic & Patient Management System (EHR) (CVE-2026-25022) , Feb 27, 2026
New vulnerability
LeadConnector (CVE-2026-25441) , Feb 27, 2026
NextMove Lite – Thank You Page for WooCommerce (CVE-2025-68048) , Feb 27, 2026
Image Optimizer by Elementor – Compress, Resize and Optimize Images (CVE-2026-25387) , Feb 27, 2026
Printful Integration for WooCommerce (CVE-2025-12375) , Feb 27, 2026
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes (CVE-2026-25322) , Feb 27, 2026