Iqonicdesign Kivicare – Clinic & Patient Management System (Ehr)
7 CVEs affecting Iqonicdesign Kivicare – Clinic & Patient Management System (Ehr). Latest disclosed: 2026-03-18. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-2992 | High | 8.2 | 2026-03-18 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the `/wp-jso… |
CVE-2024-11728 | High | 7.5 | 2024-12-06 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the t… |
CVE-2026-2991 | High | 7.3 | 2026-03-18 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2… |
CVE-2025-1572 | Medium | 6.5 | 2025-02-28 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the ‘u_id’ parameter in all versions up to, and… |
CVE-2024-11729 | Medium | 6.5 | 2024-12-06 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of… |
CVE-2024-11730 | Medium | 6.5 | 2024-12-06 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list… |
CVE-2026-0927 | Medium | 5.3 | 2026-01-23 | The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the… |