Platform
wordpress
Component
wordpress
Fixed version
2.3.1
CVE-2023-54358 is a reflected cross-site scripting (XSS) vulnerability in the adivaha Travel Plugin for WordPress. Because the flaw is reflected, the attacker does not need an account on the site: they craft a URL whose isMobile parameter on the /mobile-app/v3/ endpoint carries a script payload, and the plugin echoes it back unencoded, so the script runs in the browser of any user who opens that link. The issue affects plugin versions prior to 2.3; the fixed-version field above lists 2.3.1, so upgrade to at least that release.
Successful exploitation lets the attacker execute arbitrary JavaScript in the victim's browser within the origin of the WordPress site. From there the script can read page content and issue authenticated requests as the victim. Session cookies can be read directly only if they lack the HttpOnly flag, but even HttpOnly cookies are sent with the requests the injected script makes, so it can still act on the user's behalf. The consequences include account takeover, actions performed with the victim's privileges (most serious when the victim is an administrator), redirection to attacker-controlled pages, defacement and malware delivery. Since each victim must open a crafted link, the exposure scales with the number of users who can be lured to click, which is largest on a high-traffic site.
CVE-2023-54358 was published on 2026-04-09. The vulnerability is straightforward to exploit: it requires only a crafted URL and a victim who opens it. No public exploits or active campaigns have been reported at the time of writing. The EPSS score listed for this CVE is 0.08% (24th percentile), meaning the model currently rates the probability of exploitation in the wild as low; EPSS scores change over time and should be rechecked rather than read as a fixed property of the bug.
Exploit status
EPSS
0.08% (24th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2023-54358 is to upgrade the adivaha Travel Plugin to the fixed release (2.3.1 as listed above) or later. If an immediate upgrade is not possible because of compatibility or testing requirements, note that the durable fix for reflected XSS is output encoding, not only input filtering: any value read from isMobile must be encoded for the context in which it is echoed (esc_attr() for attribute values, esc_html() for element content in WordPress) or constrained to the values the endpoint actually expects, such as a boolean flag. As a stopgap, a web application firewall rule can block requests to /mobile-app/v3/ whose isMobile parameter contains HTML tags, javascript: URLs or on*= event handlers after URL decoding; such rules are bypassable and buy time rather than replacing the upgrade. Regularly scan your WordPress installation for vulnerable plugins with a security scanning tool.
Update the adivaha Travel plugin to the latest available version to mitigate the XSS vulnerability. Check for plugin updates in the WordPress admin panel or on the developer's website. Implement additional security measures, such as validating and sanitizing user input and encoding output, to prevent future XSS vulnerabilities.
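Anyone who has to run a vulnerable version for a while will want to know whether the endpoint is being probed. The following Python script is an added example and is not part of the original advisory or of the plugin's code: it scans web server access logs in the Apache/Nginx combined format (an assumption about your logging setup) for requests to /mobile-app/v3/ whose isMobile parameter, after full URL decoding, contains script-like content. The log lines are constructed for the example. It goes slightly beyond the advisory in that it also catches double-encoded payloads, which a check on the raw query string would miss.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the advisory for CVE-2023-54358.
VULN_PATH_PREFIX = "/mobile-app/v3/"
VULN_PARAM = "isMobile"

# Apache/Nginx "combined" access-log format. Assumption: your server logs in this format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Heuristic indicators of an HTML/JavaScript injection attempt; tune to your traffic.
XSS_RE = re.compile(
    r'<\s*/?\s*(script|svg|img|iframe|object|embed|body|style)\b'  # smuggled tags
    r'|javascript\s*:'                                              # javascript: URLs
    r'|\bon[a-z]+\s*=',                                             # inline event handlers
    re.IGNORECASE,
)


def fully_decode(value, max_rounds=3):
    """URL-decode until the value stops changing, so %253C (double-encoded '<') is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyse_request(target):
    """Return the decoded isMobile payload if the request looks like an XSS probe, else None."""
    parts = urlsplit(target)
    if not parts.path.startswith(VULN_PATH_PREFIX):
        return None
    # parse_qs performs one round of percent-decoding; fully_decode handles any further rounds.
    params = parse_qs(parts.query, keep_blank_values=True)
    for raw in params.get(VULN_PARAM, []):
        payload = fully_decode(raw)
        if XSS_RE.search(payload):
            return payload
    return None


def scan_log(lines):
    """Return one record per suspicious request; lines that do not parse are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        payload = analyse_request(m["target"])
        if payload is not None:
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "status": m["status"], "payload": payload})
    return hits


# Constructed sample lines (not real traffic): a benign use of the parameter, a plain
# encoded payload, a double-encoded payload, a payload on an unrelated path, and junk.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Apr/2026:10:14:01 +0000] "GET /mobile-app/v3/?isMobile=1&lang=en HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [09/Apr/2026:10:15:32 +0000] "GET /mobile-app/v3/?isMobile=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.11 - - [09/Apr/2026:10:16:09 +0000] "GET /mobile-app/v3/?isMobile=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 512 "-" "curl/8.0"',
    '192.0.2.5 - - [09/Apr/2026:10:17:45 +0000] "GET /wp-login.php?redirect_to=%3Cscript%3E HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    'not a log line',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['ip']} status={hit['status']} payload={hit['payload']!r}")
```

Run it as-is to see the two hits from the sample lines, or pass it an open access-log file instead of SAMPLE_LOG. The decode-then-match order is the point: a WAF rule or log search that inspects the still-encoded query string will not see a `%253C`-style payload. Treat a hit as evidence of an attempt, not of success; whether the payload was actually reflected depends on the plugin version that was installed at the time of the request.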
CVE-2023-54358 is a reflected cross-site scripting (XSS) vulnerability in the adivaha Travel Plugin for WordPress, allowing attackers to inject malicious scripts via the isMobile parameter. This can lead to session hijacking and other malicious activities.
You are affected if you run the adivaha Travel Plugin in a version prior to 2.3. Check the installed version on the Plugins screen in wp-admin or with `wp plugin list` from WP-CLI, and upgrade immediately if you are on an affected version.
Upgrade the adivaha Travel Plugin to version 2.3.1 (the fixed version listed above) or later. If an immediate upgrade is not possible, ensure the isMobile value echoed by the /mobile-app/v3/ endpoint is output-encoded for its context and, as a temporary measure, block script-like values for that parameter at the WAF.
While no public exploits or active campaigns have been reported, the vulnerability's ease of exploitation suggests a potential for future attacks. Monitor your systems closely.
Refer to the WordPress plugin repository and the adivaha Travel Plugin developer's website for the latest information and security advisories related to CVE-2023-54358.