Authentication Bypass Vulnerability in Iqonic Design KiviCare Clinic Management System
CVE-2026-42735

8.2 HIGH

Key Information:

Vendor: WordPress

Status
Vendor
CVE Published: 27 May 2026

What is CVE-2026-42735?

The Iqonic Design KiviCare Clinic Management System is vulnerable to authentication bypass using an alternate path or channel. The flaw allows the password recovery function to be exploited without authorization, giving attackers access to sensitive functionality without proper authentication. It affects KiviCare versions up to and including 4.3.0, potentially compromising the security and confidentiality of patient data.

Affected Version(s)

KiviCare: from 0 through 4.3.0 (<= 4.3.0)

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

kai63001 | Patchstack Bug Bounty Program