A vulnerability identified as critical has been detected in iqonicdesign KiviCare Plugin up to 4.5.0 on WordPress. Affected by this vulnerability is an unknown functionality of the component REST Endpoint. The manipulation of the argument orderby leads to sql injection.
This vulnerability is traded as CVE-2026-15073. It is possible to initiate the attack remotely. There is no exploit available.