CVE-2023-2628
Published: 27 June 2023
Summary
CVE-2023-2628 is a high-severity vulnerability in Iqonic Kivicare; the weakness type is unspecified. Its CVSS base score is 8.8 (High).
Operationally, it is ranked at the 40.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-34099
Vulnerability details
The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. This includes, but is not limited to: deleting arbitrary appointments, medical records, etc., and creating or updating various users (patients, doctors, etc.).
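To make the weakness class concrete for defenders, the following is an added illustration, not KiviCare's code: a WordPress AJAX handler with no CSRF protection beside the hardened form that WordPress itself provides for (a nonce verified with check_ajax_referer(), plus a capability check). The action names, the `manage_options` capability, the `example-admin` script handle and the `example_record_` option key are hypothetical placeholders; a real plugin would operate on its own tables and capabilities.

```php
<?php
// Added example (not the plugin's code). Action names, capability and option
// key below are hypothetical placeholders chosen for illustration.

// --- Vulnerable pattern: no nonce and no capability check --------------------
// Any logged-in user whose browser is steered to an attacker-controlled page can
// be made to send this request; the browser attaches the WordPress session
// cookie automatically, so the handler cannot tell the request came from an
// attacker's page rather than from the plugin's own UI.
add_action( 'wp_ajax_example_delete_record', 'example_delete_record_unsafe' );
function example_delete_record_unsafe() {
    $id = absint( $_POST['record_id'] ?? 0 );
    // State change with no proof of request origin and no privilege check.
    delete_option( 'example_record_' . $id );
    wp_send_json_success( array( 'deleted' => $id ) );
}

// --- Hardened pattern --------------------------------------------------------
// Only the 'wp_ajax_' hook is registered (no 'wp_ajax_nopriv_' variant), so
// unauthenticated callers never reach this function.
add_action( 'wp_ajax_example_delete_record_safe', 'example_delete_record_safe' );
function example_delete_record_safe() {
    // 1. CSRF: require a nonce bound to this specific action. With the default
    //    third argument (die = true) check_ajax_referer() stops the request with
    //    HTTP 403 when the 'nonce' POST field is missing, expired or forged.
    check_ajax_referer( 'example_delete_record', 'nonce' );

    // 2. Authorization: a nonce only proves the request came from a page that
    //    the user legitimately loaded; it does not prove the user may perform
    //    the action. Check a capability before touching state.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Input validation after the security checks.
    $id = absint( $_POST['record_id'] ?? 0 );
    if ( 0 === $id ) {
        wp_send_json_error( array( 'message' => 'invalid record id' ), 400 );
    }

    delete_option( 'example_record_' . $id );
    wp_send_json_success( array( 'deleted' => $id ) );
}

// --- Issuing the nonce to the plugin's own front-end code --------------------
// The page script (handle 'example-admin', assumed to be registered elsewhere)
// receives the nonce and must send it back as the POST field 'nonce'.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_delete_record' ),
    ) );
} );
```

When reviewing a plugin for this class of bug, the check is mechanical: for every `wp_ajax_*` and `wp_ajax_nopriv_*` hook, confirm that the callback calls check_ajax_referer() (or wp_verify_nonce()) before any read of `$_POST`/`$_GET` that leads to a state change, and that a current_user_can() check follows it. A nonce check without the capability check, or a capability check without the nonce, leaves one of the two failure modes open.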
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.