VYPR

KiviCare – Clinic & Patient Management System (EHR)

by KiviCare

CVEs (4)

  • CVE-2026-2992 | High | Mar 18, 2026
    risk 0.46 | cvss 8.2 | epss 0.00

    The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the `/wp-json/kivicare/v1/setup-wizard/clinic` REST API endpoint in all versions up to, and including, 4.1.2. This makes it…

  • CVE-2026-2991 | High | Mar 18, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the `patientSocialLogin()` function not verifying the social provider access token before…

  • CVE-2026-0927 | Medium | Jan 23, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport() function in all versions up to, and including, 3.6.15. This makes it possible for…

  • CVE-2024-11728 | Dec 6, 2024
    risk 0.02 | cvss | epss 0.14

    The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user…