cleantalk
Vulnerabilities and Security Researches

KiviCare – Clinic & Patient Management System (EHR), CVE-2025-66095

CVE, Research URL

CVE-2025-66095

Home page URL

Security reports for KiviCare – Clinic & Patient Management System (EHR)

Application

KiviCare – Clinic & Patient Management System (EHR)

Published on
Nov 21, 2025
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows SQL Injection.This issue affects KiviCare: from n/a through <= 3.6.13.
Affected versions
max 3.6.13.
Status
vulnerable
Previous vulnerability researches
KiviCare &#8211; Clinic &amp; Patient Management System (EHR) (CVE-2024-11728) , Dec 06, 2024
KiviCare &#8211; Clinic &amp; Patient Management System (EHR) (CVE-2024-11730) , Dec 06, 2024
KiviCare &#8211; Clinic &amp; Patient Management System (EHR) (CVE-2025-66095) , Dec 11, 2025
KiviCare &#8211; Clinic &amp; Patient Management System (EHR) (CVE-2024-11729) , Dec 06, 2024
KiviCare &#8211; Clinic &amp; Patient Management System (EHR) (CVE-2026-25022) , Feb 27, 2026
New vulnerability
LeadConnector (CVE-2026-25441) , Feb 27, 2026
NextMove Lite &#8211; Thank You Page for WooCommerce (CVE-2025-68048) , Feb 27, 2026
Image Optimizer by Elementor – Compress, Resize and Optimize Images (CVE-2026-25387) , Feb 27, 2026
Printful Integration for WooCommerce (CVE-2025-12375) , Feb 27, 2026
PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes (CVE-2026-25322) , Feb 27, 2026