The KiviCare WordPress plugin before 2.3.9 does not...
Critical severity
Unreviewed
Published
Jun 14, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Jun 13, 2022
Published to the GitHub Advisory Database
Jun 14, 2022
Last updated
Jan 27, 2023
The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users
References