CVE-2026-25034
WordPress KiviCare plugin <= 3.6.16 - Broken Access Control vulnerability
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
4th
Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through <= 3.6.16.
| CWE | CWE-862 |
| Vendor | iqonic design |
| Product | kivicare |
| Published | Mar 25, 2026 |
| Last Updated | Mar 26, 2026 |
Stay Ahead of the Next One
Get instant alerts for iqonic design kivicare
Be the first to know when new medium vulnerabilities affecting iqonic design kivicare are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Iqonic Design / KiviCare
n/a โค <= 3.6.16
References
Credits
Andrea Bocchetti | Patchstack Bug Bounty Program