KiviCare – Clinic & Patient Management System (EHR) <= 3.6.16 - Missing Authorization
Description
The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.6.16. This makes it possible for unauthenticated attackers to perform an unauthorized action.
CVSS Vector Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NTechnical Details
<=3.6.16What Changed in the Fix
Changes introduced in v4.0.0
Source Code
WordPress.org SVN# Exploitation Research Plan: CVE-2026-25034 (KiviCare Missing Authorization) ## 1. Vulnerability Summary The **KiviCare – Clinic & Patient Management System (EHR)** plugin (<= 3.6.16) contains a "Missing Authorization" vulnerability. This occurs because specific administrative or state-changing fu…
Show full research plan
Exploitation Research Plan: CVE-2026-25034 (KiviCare Missing Authorization)
1. Vulnerability Summary
The KiviCare – Clinic & Patient Management System (EHR) plugin (<= 3.6.16) contains a "Missing Authorization" vulnerability. This occurs because specific administrative or state-changing functions registered via WordPress AJAX (wp_ajax_ and wp_ajax_nopriv_) or the REST API lack proper capability checks (current_user_can()) or permission callbacks. Consequently, unauthenticated attackers can perform unauthorized actions, such as modifying appointment statuses, changing clinic settings, or manipulating user records.
2. Attack Vector Analysis
- Target Endpoint:
/wp-admin/admin-ajax.php - Vulnerable Action:
kivicare_update_appointment_status(or potentiallykivicare_discard_appointmentorkivicare_save_appointment_widget_setting). - HTTP Method:
POST - Authentication: None (Unauthenticated).
- Parameters:
action:kivicare_update_appointment_statusappointment_id: The ID of the appointment to modify.status: The new status (e.g.,cancelled,confirmed,checkout)._wpnonceorkc_nonce: A valid nonce (if enforced, though often bypassed or publicly exposed).
3.
Check if your site is affected.
Run a free security audit to detect vulnerable plugins, outdated versions, and misconfigurations.