CVE-2024-11728
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Dec 6, 2024
CWE ID 89
Summary
CVE-2024-11728: The KiviCare WordPress plugin, used for clinic and patient management, is vulnerable to unauthenticated SQL injection through the tax_calculated_data AJAX action. The 'visit_type[service_id]' parameter is insufficiently escaped and the existing SQL query is not prepared, so an unauthenticated attacker can append additional SQL to the query. This can expose sensitive information from the database. All versions up to and including 3.6.4 are affected.
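The pattern behind this class of bug, shown as an added illustration rather than KiviCare's own code: a hypothetical WordPress AJAX handler that reads 'visit_type[service_id]' from the request, first with the value interpolated straight into the SQL string (the CWE-89 condition the advisory describes), then hardened with input validation and $wpdb->prepare(). The table name, action name and nonce name are assumptions for the example.

```php
<?php
// Added illustration, not KiviCare's code: a hypothetical WordPress AJAX
// handler that looks up a price by the 'visit_type[service_id]' request value.

// UNSAFE PATTERN: the client-controlled value becomes part of the SQL text,
// so anything sent in visit_type[service_id] can alter the query. This is the
// unescaped, unprepared query shape the advisory reports.
function example_tax_data_unsafe() {
    global $wpdb;
    $service_id = $_POST['visit_type']['service_id'] ?? '';
    $sql = "SELECT price FROM {$wpdb->prefix}example_services WHERE id = " . $service_id;
    wp_send_json_success( $wpdb->get_results( $sql ) );
}

// HARDENED: coerce the input to the type the column expects and bind it with
// $wpdb->prepare(), so it can only ever be a value and never SQL syntax.
function example_tax_data_safe() {
    global $wpdb;

    // CSRF check for the AJAX endpoint (nonce name is an assumption). This does
    // not fix the injection by itself; the prepare() call below does.
    check_ajax_referer( 'example_tax_nonce', 'nonce' );

    $service_id = isset( $_POST['visit_type']['service_id'] )
        ? absint( wp_unslash( $_POST['visit_type']['service_id'] ) )
        : 0;
    if ( 0 === $service_id ) {
        wp_send_json_error( 'invalid service id', 400 );
    }

    // %d placeholder: the integer is bound by prepare(), never concatenated.
    $sql = $wpdb->prepare(
        "SELECT price FROM {$wpdb->prefix}example_services WHERE id = %d",
        $service_id
    );
    wp_send_json_success( $wpdb->get_results( $sql ) );
}

// Registering with wp_ajax_nopriv_ makes the action reachable without logging
// in, which is why validation and prepare() on this path matter.
add_action( 'wp_ajax_example_tax_data', 'example_tax_data_safe' );
add_action( 'wp_ajax_nopriv_example_tax_data', 'example_tax_data_safe' );
```

When reviewing a plugin for this issue, search its nopriv AJAX handlers for $wpdb->query(), get_results() or get_var() calls whose SQL string is built by concatenation or interpolation of request data instead of passing through $wpdb->prepare().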