Missing Authorization Vulnerability in KiviCare Clinic Management System by Iqonic Design
CVE-2026-25034

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Kivicare
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-25034?

The KiviCare clinic management system from Iqonic Design is susceptible to a missing authorization vulnerability, which arises from incorrectly configured access control mechanisms. This flaw allows an attacker to exploit inadequate security settings, potentially granting unauthorized access to sensitive areas of the application, thereby compromising patient data and operational integrity. Users of versions up to and including 3.6.16 should take immediate action to mitigate this vulnerability.

Affected Version(s)

KiviCare 0 <= 3.6.16

References

https://patchstack.com/database/Wordpress/Plugin/kivicare...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Jan 28, 2026

Credit

Andrea Bocchetti | Patchstack Bug Bounty Program

CVE-2026-25034 Data

JSON