Medium severity4.3NVD Advisory· Published Jun 27, 2023· Updated Jun 17, 2026
CVE-2023-2627
CVE-2023-2627
Description
The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin's settings
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/KiviCaredescription
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/162d0029-2adc-4925-9985-1d5d672dbe75nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.