CVE-2026-0927

MEDIUM

KiviCare - Clinic & Patient Management System (EHR) <3.6.15 - File ...

Title source: llm

Description

The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to arbitrary file uploads due to missing authorization checks in the uploadMedicalReport() function in all versions up to, and including, 3.6.15. This makes it possible for unauthenticated attackers to upload text files and PDF documents to the affected site's server which may be leveraged for further attacks such as hosting malicious content or phishing pages via PDF files.

References (4)

Core 4

Core References

Product

https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/tags/3.6.15/app/controllers/KCAppointmentController.php#L1328

Product

https://plugins.trac.wordpress.org/browser/kivicare-clinic-management-system/trunk/app/controllers/KCAppointmentController.php#L1328

Product

https://plugins.trac.wordpress.org/changeset/3443088/kivicare-clinic-management-system/trunk/app/controllers/KCAppointmentController.php

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/489931ef-bac3-4de8-84ec-6f226d96f778?source=cve

Scores

CVSS v3 5.3

EPSS 0.0030

EPSS Percentile 21.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (1)

iqonicdesign/KiviCare – Clinic & Patient Management System (EHR) < 3.6.15

Published Jan 23, 2026

Tracked Since Feb 18, 2026