[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fg6TbxHsDyHvPt8jqg5mObqzu6KWb-mBvyyXDR4s38Qc":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-2627","kivicare-clinic-patient-management-system-ehr-missing-authorization","KiviCare – Clinic & Patient Management System (EHR) \u003C= 3.2.0 - Missing Authorization","The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to unauthorized access to and modification of data due to missing capability checks on multiple AJAX functions in versions up to, and including, 3.2.0. This makes it possible for authenticated attackers with subscriber-level privileges or above to modify plugin settings including adding arbitrary clinics, doctors, receptionists, and appointment as well as viewing plugin configuration.","kivicare-clinic-management-system",null,"\u003C=3.2.0","3.2.1","medium",5.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:L\u002FI:L\u002FA:N","Missing Authorization","2023-06-05 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F88898997-6199-4b33-bd35-70a1a01812ec?source=api-prod",232]