CVE-2024-11729

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 6, 2024
CWE ID 89

Summary

CVE-2024-11729 is an SQL injection vulnerability in the KiviCare Clinic & Patient Management System (EHR) plugin for WordPress. The 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX action is not sufficiently escaped, and the SQL query it feeds is not prepared, so an authenticated attacker with Custom-level access or higher can append additional SQL to the existing query and extract sensitive information from the database. All versions up to and including 3.6.4 are affected.
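The following PHP is an illustrative example added here; it is not KiviCare's code and does not reproduce the plugin's actual handler. It shows the generic WordPress pattern behind CWE-89 that the summary describes (a request value interpolated into a query with no preparation) beside the hardened form using $wpdb->prepare(). The table name kc_services, the columns id and price, the capability and nonce names, and the function names are all assumed for illustration.

```php
<?php
// Illustrative example (editor-added), NOT the plugin's own code.
// Table/column names, capability and nonce action are assumptions.

// --- Vulnerable pattern (hypothetical) ---------------------------------------
// sanitize_text_field() strips tags and trims whitespace, but it does not make
// a value safe to embed in SQL: a string such as "0 OR 1=1" passes through
// unchanged, and the resulting statement
//   SELECT id, price FROM wp_kc_services WHERE id = 0 OR 1=1
// returns every row instead of one.
function kc_example_payment_options_vulnerable() {
    global $wpdb;

    $service_id = isset( $_POST['service_list'][0]['service_id'] )
        ? sanitize_text_field( wp_unslash( $_POST['service_list'][0]['service_id'] ) )
        : '';

    // The request value is concatenated straight into the statement.
    $sql = "SELECT id, price FROM {$wpdb->prefix}kc_services WHERE id = " . $service_id;

    return $wpdb->get_results( $sql );
}

// --- Hardened pattern ----------------------------------------------------------
function kc_example_payment_options_hardened() {
    global $wpdb;

    // Defence in depth: a nonce ties the request to a form the user was served,
    // and a capability check limits who can reach the query at all. Neither
    // fixes the injection by itself; the CVE is reachable by authenticated users.
    check_ajax_referer( 'kc_example_nonce', 'nonce' );          // assumed nonce action
    if ( ! current_user_can( 'read' ) ) {                       // assumed capability
        wp_send_json_error( 'forbidden', 403 );
    }

    // Coerce the id to a non-negative integer. A number cannot carry SQL syntax,
    // and absint() turns "0 OR 1=1" into 0, which is rejected below.
    $service_id = isset( $_POST['service_list'][0]['service_id'] )
        ? absint( $_POST['service_list'][0]['service_id'] )
        : 0;
    if ( 0 === $service_id ) {
        wp_send_json_error( 'invalid service id', 400 );
    }

    // $wpdb->prepare() binds the value; %d forces an integer placeholder, so even
    // a non-numeric value could never be spliced into the statement as SQL.
    $sql = $wpdb->prepare(
        "SELECT id, price FROM {$wpdb->prefix}kc_services WHERE id = %d",
        $service_id
    );

    return $wpdb->get_results( $sql );
}
```

When reviewing a plugin for this class of bug, look for any $wpdb->query(), get_results(), get_var() or get_row() call whose SQL string is built with concatenation or "{$var}" interpolation from $_GET, $_POST or $_REQUEST; the fix is always to pass the value through $wpdb->prepare() with a typed placeholder (%d, %s or %f), with input casting and access checks as additional layers rather than substitutes.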
