Vulnerabilities and security researches forgwolle-gb gwolle-gb

Jul 13, 2025

CVE, Research URL: CVE-2025-5807
Home page URL: Security reports for Gwolle Guestbook
Application: Gwolle Guestbook
Date: Jul 10, 2025
Research Description: The Gwolle Guestbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gwolle_gb_content’ parameter in all versions up to, and including, 4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Feb 12, 2025

PSC, Research URL: PSC-2025-64553
Home page URL: Security reports for Gwolle Guestbook
Application: Gwolle Guestbook
Date: Mar 28, 2025
Research Description: Gwolle Guestbook is a feature-rich and user-friendly WordPress guestbook plugin that allows website owners to integrate a secure and customizable guestbook system effortlessly. Unlike using the comment section as an alternative, this plugin provides a dedicated guestbook with built-in moderation, anti-spam measures, and user interaction tools. With a clean and intuitive interface, Gwolle Guestbook ensures seamless guestbook management while maintaining high security standards. To guarantee the protection of user data and site integrity, Gwolle Guestbook undergoes rigorous security audits. The plugin has successfully passed CleanTalk’s security testing and has been awarded the Plugin Security Certification (PSC), confirming its adherence to industry best practices for security and reliability.
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED

Feb 02, 2025

CVE, Research URL: CVE-2025-24710
Home page URL: Security reports for Gwolle Guestbook
Application: Gwolle Guestbook
Date: Jan 31, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Gwolle Guestbook allows Reflected XSS. This issue affects Gwolle Guestbook: from n/a through 4.7.1.
Affected versions: Min -, max -.
Status: vulnerable

Jun 06, 2024

CVE, Research URL: CVE-2018-17884
Home page URL: Security reports for Gwolle Guestbook
Application: Gwolle Guestbook
Date: Oct 02, 2018
Research Description: XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2015-8351
Home page URL: Security reports for Gwolle Guestbook
Application: Gwolle Guestbook
Date: Sep 12, 2017
Research Description: PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24980
Home page URL: Security reports for Gwolle Guestbook
Application: Gwolle Guestbook
Date: Dec 27, 2021
Research Description: The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in an admin page
Affected versions: Min -, max -.
Status: vulnerable