VYPR

Gwolle Gb

by WordPress

Source repositories

CVEs (3)

  • CVE-2025-24710HigJan 31, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Gwolle Guestbook gwolle-gb allows Reflected XSS.This issue affects Gwolle Guestbook: from n/a through <= 4.7.1.

  • CVE-2018-17884MedOct 2, 2018
    risk 0.40cvss 6.1epss 0.01

    XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php

  • CVE-2025-5807MedJul 10, 2025
    risk 0.33cvss 6.1epss 0.00

    The Gwolle Guestbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gwolle_gb_content’ parameter in all versions up to, and including, 4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…