VYPR
Vendor

Gwolle Guestbook Project

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2015-8351CriSep 11, 2017
    risk 0.64cvss 9.0epss 0.37

    PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE:…

  • CVE-2025-24710HigJan 31, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Gwolle Guestbook gwolle-gb allows Reflected XSS.This issue affects Gwolle Guestbook: from n/a through <= 4.7.1.

  • CVE-2025-5807MedJul 10, 2025
    risk 0.33cvss 6.1epss 0.00

    The Gwolle Guestbook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘gwolle_gb_content’ parameter in all versions up to, and including, 4.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2021-24980Dec 27, 2021
    risk 0.00cvss epss 0.01

    The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in an admin page