Skip to main content

Gwolle Guestbook

3 CVEs product

Monthly

CVE-2021-24980 MEDIUM POC This Month

The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gwolle Guestbook
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2018-17884 MEDIUM POC This Month

XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Gwolle Guestbook
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2015-8351 CRITICAL POC THREAT Emergency

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 69.4%.

Path Traversal Code Injection RCE PHP WordPress +1
NVD Exploit-DB
CVSS 3.0
9.0
EPSS
69.4%
Threat
5.4
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gwolle Guestbook
NVD WPScan
EPSS 1% CVSS 6.1
MEDIUM POC This Month

XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP +1
NVD
EPSS 69% 5.4 CVSS 9.0
CRITICAL POC THREAT Emergency

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 69.4%.

Path Traversal Code Injection RCE +3
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy