CVE-2023-54358

MEDIUM

WordPress adivaha Travel Plugin 2.3 Reflected XSS via isMobile

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-54358. PoCs published by CraCkEr.

AI-analyzed exploit summary This exploit demonstrates a reflected XSS vulnerability in the WordPress adivaha Travel Plugin 2.3 via the 'isMobile' GET parameter. The provided payload triggers a JavaScript alert, confirming the vulnerability.

Description

WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. Attackers can craft malicious URLs containing JavaScript payloads in the isMobile GET parameter at the /mobile-app/v3/ endpoint to execute arbitrary code in victims' browsers and steal session tokens or credentials.

Exploits (1)

exploitdb WORKING POC

by CraCkEr · textwebappsphp

https://www.exploit-db.com/exploits/51663

View Code ZIP pw:eip

This exploit demonstrates a reflected XSS vulnerability in the WordPress adivaha Travel Plugin 2.3 via the 'isMobile' GET parameter. The provided payload triggers a JavaScript alert, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: WordPress adivaha Travel Plugin 2.3

No auth needed

Prerequisites: Victim must click a crafted URL

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Apr 10, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit

ExploitDB-51663

https://www.exploit-db.com/exploits/51663

Product product

Official Product Homepage

https://www.adivaha.com/

Product product

Product Reference

https://wordpress.org/plugins/adiaha-hotel/

Third Party Advisory third-party-advisory

VulnCheck Advisory: WordPress adivaha Travel Plugin 2.3 Reflected XSS via isMobile

https://www.vulncheck.com/advisories/wordpress-adivaha-travel-plugin-reflected-xss-via-ismobile

Scores

CVSS v3 6.1

EPSS 0.0012

EPSS Percentile 30.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

Adivaha/WordPress adivaha Travel Plugin 2.3

Published Apr 09, 2026

Tracked Since Apr 10, 2026