{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2023-54359/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.2,"id":"CVE-2023-54359"}],"_cs_exploited":true,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["wordpress","sql-injection","cve-2023-54359"],"_cs_type":"threat","_cs_vendors":[],"content_html":"\u003cp\u003eThe adivaha Travel plugin 2.3 for WordPress is susceptible to a time-based blind SQL injection vulnerability (CVE-2023-54359). This flaw allows unauthenticated attackers to inject malicious SQL code through the \u0026lsquo;pid\u0026rsquo; GET parameter in requests to the \u003ccode\u003e/mobile-app/v3/\u003c/code\u003e endpoint. By crafting specific \u0026lsquo;pid\u0026rsquo; values with XOR-based payloads, attackers can manipulate database queries. This vulnerability can be exploited to extract sensitive database information or to cause a denial-of-service condition on the affected WordPress site. Publicly available exploits exist, increasing the risk of widespread exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker identifies a WordPress site using the vulnerable adivaha Travel Plugin version 2.3.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP GET request targeting the \u003ccode\u003e/mobile-app/v3/\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eThe attacker injects SQL code into the \u003ccode\u003epid\u003c/code\u003e GET parameter, utilizing XOR-based payloads to bypass input validation or sanitization.\u003c/li\u003e\n\u003cli\u003eThe server processes the malicious SQL query against the WordPress database.\u003c/li\u003e\n\u003cli\u003eDue to the time-based blind SQL injection, the attacker infers information about the database by observing the response time of the server.\u003c/li\u003e\n\u003cli\u003eThrough repeated requests, the attacker extracts sensitive data from the database, such as user credentials, API keys, or other confidential information.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker injects SQL code to cause a denial-of-service condition, such as by creating a very long delay.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the exfiltrated data for malicious purposes or further compromise of the WordPress site.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this SQL injection vulnerability can lead to the extraction of sensitive information from the WordPress database, potentially compromising user accounts, customer data, and other confidential information. Attackers could gain complete control over the affected website, leading to defacement, malware distribution, or further attacks on other systems. A successful denial-of-service attack could also disrupt the availability of the website, impacting business operations and user experience.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eApply any available patches or updates for the adivaha Travel Plugin to remediate CVE-2023-54359.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Suspicious adivaha Travel Plugin SQL Injection Attempt\u003c/code\u003e to your SIEM to identify potential exploitation attempts targeting the \u003ccode\u003e/mobile-app/v3/\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eInspect web server logs for requests to \u003ccode\u003e/mobile-app/v3/\u003c/code\u003e containing suspicious characters or SQL syntax in the \u003ccode\u003epid\u003c/code\u003e parameter to identify exploitation attempts (reference: vulnerable endpoint \u003ccode\u003e/mobile-app/v3/\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for connections to the URLs listed in the IOCs (reference: \u003ccode\u003ehttps://www.exploit-db.com/exploits/51655\u003c/code\u003e and \u003ccode\u003ehttps://www.vulncheck.com/advisories/wordpress-adivaha-travel-plugin-sql-injection-via-pid\u003c/code\u003e).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-09T21:16:05Z","date_published":"2026-04-09T21:16:05Z","id":"/briefs/2026-04-adivaha-sql-injection/","summary":"The WordPress adivaha Travel Plugin version 2.3 is vulnerable to time-based blind SQL injection via the 'pid' GET parameter, allowing unauthenticated attackers to inject SQL code through the /mobile-app/v3/ endpoint for potential data extraction or denial of service.","title":"WordPress adivaha Travel Plugin SQL Injection Vulnerability (CVE-2023-54359)","url":"https://feed.craftedsignal.io/briefs/2026-04-adivaha-sql-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2023-54359","version":"https://jsonfeed.org/version/1.1"}