Security Advisory

CVE-2022-0786

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-06-13 12:41:32

Last updated 2024-08-02 23:40:03

Assigner WPScan

State PUBLISHED

Description

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users

← Browse all CVEs View on cve.org ↗