cleantalk
Vulnerabilities and Security Researches

Gwolle Guestbook, CVE-2015-8351

CVE, Research URL

CVE-2015-8351

Home page URL

Security reports for Gwolle Guestbook

Application

Gwolle Guestbook

Published on
Sep 12, 2017
Research Description
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled.
Affected versions
Min -, max 2.1.1.
Status
vulnerable
Previous vulnerability researches
Gwolle Guestbook (CVE-2025-5807) , Jul 13, 2025
Gwolle Guestbook , Feb 12, 2025
Gwolle Guestbook (CVE-2025-24710) , Feb 02, 2025
Gwolle Guestbook (CVE-2018-17884) , Jun 06, 2024
Gwolle Guestbook (CVE-2015-8351) , Jun 06, 2024
New vulnerability
WP Register Profile With Shortcode (CVE-2025-4593) , Jul 13, 2025
Simple File List (CVE-2025-34085) , Jul 13, 2025
Pakke Envíos (CVE-2025-52819) , Jul 13, 2025
Gwolle Guestbook (CVE-2025-5807) , Jul 13, 2025
Tennis Court Bookings (CVE-2025-52787) , Jul 13, 2025