SQL Injection Vulnerability in Iqonic Design KiviCare Clinic Management System
CVE-2026-25022

8.5HIGH

Key Information:

Vendor

WordPress
Status
Kivicare
Vendor
CVE Published:
3 February 2026

What is CVE-2026-25022?

An SQL Injection vulnerability exists in the KiviCare Clinic Management System developed by Iqonic Design, allowing for the possibility of unauthorized access to database information through blind SQL injection techniques. This flaw is particularly concerning as it affects versions from n/a up to 3.6.16, enabling potential attackers to exploit improperly sanitized SQL commands and gain access to sensitive data. Organizations using affected versions should urgently apply patches and review their security measures to mitigate risks.

Affected Version(s)

KiviCare 0 <= 3.6.16

References

https://patchstack.com/database/Wordpress/Plugin/kivicare...
vdb-entry

CVSS V3.1

Score:
8.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

alakinnn | Patchstack Bug Bounty Program
.