Filtered by vendor Adivaha Subscriptions

Search

Switch to Advanced Search (Beta)
Total 2 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-54358 2 Adivaha, Wordpress 2 Wordpress Adivaha Travel Plugin, Wordpress 2026-04-10 6.1 Medium
WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile GET parameter at the /mobile-app/v3/ endpoint to execute arbitrary code in victims' browsers and steal session tokens or credentials.
CVE-2023-54359 2 Adivaha, Wordpress 2 Wordpress Adivaha Travel Plugin, Wordpress 2026-04-10 8.2 High
WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid' GET parameter. Attackers can send requests to the /mobile-app/v3/ endpoint with crafted 'pid' values using XOR-based payloads to extract sensitive database information or cause denial of service.