CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities - OpenCVE

ReportizFlow

Filtered by vendor Adivaha Subscriptions

Filtered by product Wordpress Adivaha Travel Plugin Subscriptions

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2023-54358	2 Adivaha, Wordpress	2 Wordpress Adivaha Travel Plugin, Wordpress	2026-04-10	6.1 Medium
WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile GET parameter at the /mobile-app/v3/ endpoint to execute arbitrary code in victims' browsers and steal session tokens or credentials.
CVE-2023-54359	2 Adivaha, Wordpress	2 Wordpress Adivaha Travel Plugin, Wordpress	2026-04-10	8.2 High
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid' values using XOR-based payloads to extract sensitive database information or cause denial of service.

Page 1 of 1.