CVE-2023-2627

CVE-2023-2627

The KiviCare WordPress plugin before 3.2.1 does not have proper CSRF and authorisation checks in various AJAX actions, allowing any authenticated users, such as subscriber to call them. Attacks include but are not limited to: Add arbitrary Clinic Admin/Doctors/etc and update plugin’s settings

Source: CVE-2023-2627

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다