CVE-2024-11730

6.5 MEDIUM

📋 TL;DR

This SQL injection vulnerability in the KiviCare WordPress plugin allows authenticated attackers with doctor or receptionist access to execute arbitrary SQL queries. Attackers can extract sensitive data from the database, including patient records and system information. All WordPress sites using KiviCare versions up to 3.6.4 are affected.

💻 Affected Systems

Products:
  • KiviCare - Clinic & Patient Management System (EHR) WordPress plugin
Versions: All versions up to and including 3.6.4
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user with doctor or receptionist privileges or higher.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to exposure of all patient medical records, user credentials, and system data, potentially enabling further attacks or data exfiltration.

🟠 Likely Case

Extraction of sensitive patient information and user data, potentially violating privacy regulations and enabling credential theft.

🟢 If Mitigated

Limited impact due to proper access controls, but still potential for data exposure within the attacker's authorized scope.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but uses simple SQL injection techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.6.5

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3201428/kivicare-clinic-management-system/trunk/app/controllers/KCStaticDataController.php

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find the KiviCare plugin.
4. Click 'Update Now' or manually update to version 3.6.5+.
5. Verify the update completes successfully.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (applies to: all)

Disable the KiviCare plugin until patched to prevent exploitation.

wp plugin deactivate kivicare-clinic-management-system

Access Restriction (applies to: all)

Restrict access to the WordPress admin panel to trusted IP addresses only.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate the WordPress instance
  • Enforce strong authentication and monitor for suspicious doctor/receptionist account activity

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > KiviCare version. If the version is 3.6.4 or lower, the site is vulnerable.

Check Version:

wp plugin get kivicare-clinic-management-system --field=version

Verify Fix Applied:

Verify KiviCare plugin version is 3.6.5 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts followed by doctor/receptionist account access
  • AJAX requests to /wp-admin/admin-ajax.php with suspicious sort[] parameters

Network Indicators:

  • Unusual outbound database connections from WordPress server
  • Patterns of data exfiltration following authenticated sessions

SIEM Query:

source="wordpress.log" AND ("admin-ajax.php" AND "action=static_data_list" AND "sort[]")
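The same check as the SIEM query above, run offline over web-server access logs, as an added example that is not part of this advisory: it picks out admin-ajax.php requests with action=static_data_list and flags any sort[] value that is not a plain column name or direction token. The three log lines are constructed, and the example assumes the parameters appear in the query string; if the plugin sends them in the POST body, the same check applies to a WAF or application log that records the body.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache-combined-format lines for illustration; not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Dec/2024:10:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=static_data_list&sort[]=id&sort[]=asc HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [01/Dec/2024:10:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=static_data_list&sort[]=id%27 HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.12 - - [01/Dec/2024:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 128 "-" "Mozilla/5.0"
"""

# Minimal parser for the fields we need from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Allowlist: a legitimate sort value is a column name or asc/desc, nothing else.
SAFE_SORT = re.compile(r'^[A-Za-z0-9_.]+$')


def suspicious_sort_values(values):
    """Return the sort[] values that fall outside the allowlist."""
    return [v for v in values if not SAFE_SORT.match(v)]


def scan_log(text):
    """Return one finding per request to the vulnerable action with a bad sort[] value."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m['target'])
        if not parts.path.endswith('/wp-admin/admin-ajax.php'):
            continue
        # parse_qs percent-decodes both keys and values, so sort%5B%5D is matched too.
        qs = parse_qs(parts.query, keep_blank_values=True)
        if qs.get('action') != ['static_data_list']:
            continue
        bad = suspicious_sort_values(qs.get('sort[]', []))
        if bad:
            findings.append({'ip': m['ip'], 'time': m['ts'],
                             'status': m['status'], 'sort_values': bad})
    return findings


if __name__ == '__main__':
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Correlate each finding with the authenticated WordPress user for that session, since the page notes exploitation requires a doctor or receptionist account.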