PatchSiren

iqonicdesign CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM iqonicdesign CVE published 2026-07-10

CVE-2026-11990

The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress has an authorization bypass vulnerability in all versions up to, and including, 4.4.0. This allows unauthenticated attackers to mark arbitrary pending appointments as Confirmed and forge an associated completed payment record. The vulnerability is due to improper verification of user authorization for actions. The exploit is achi [truncated]