GCVE - cpe:2.3:a:adivaha:wordpress_adivaha_travel

Approved changes feed: RSS · Atom

cpe:2.3:a:adivaha:wordpress_adivaha_travel_plugin:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Adivaha (`297fc929-52a5-52d2-b2e1-8dcc8dfa31db`)
Product	Wordpress Adivaha Travel Plugin (`8cf8f6c0-2dc1-53a4-b7bf-0133787156f7`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-54359`	vulnerable	2026-06-03 14:53:46.426804	WordPress adivaha Travel Plugin 2.3 SQL Injection via pid HIGH (8.2) WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid' values using XOR-based payloads to extract sensitive database information or cause denial of service. Published: 2026-04-09T20:54:49.464Z Updated: 2026-04-14T14:49:14.120Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/51655 https://www.adivaha.com/ https://wordpress.org/plugins/adiaha-hotel/ https://www.vulncheck.com/advisories/wordpress-adivaha-travel-plugin-sql-injection-via-pid	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-54358`	vulnerable	2026-06-03 14:53:46.426448	WordPress adivaha Travel Plugin 2.3 Reflected XSS via isMobile MEDIUM (6.1) WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile GET parameter at the /mobile-app/v3/ endpoint to execute arbitrary code in victims' browsers and steal session tokens or credentials. Published: 2026-04-09T20:54:48.665Z Updated: 2026-05-24T01:37:39.062Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/51663 https://www.adivaha.com/ https://wordpress.org/plugins/adiaha-hotel/ https://www.vulncheck.com/advisories/wordpress-adivaha-travel-plugin-reflected-xss-via-ismobile	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Wordpress Adivaha Travel Plugin

PURL mappings

Vulnerability references

Contribute