Gwolle Guestbook Project Gwolle Guestbook vulnerabilities
4 known vulnerabilities affecting gwolle_guestbook_project/gwolle_guestbook.
Total CVEs
4
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2015-8351P1CRITICALCVSS 9.0ExploitedPoC≤ 1.5.32017-09-11
CVE-2015-8351 [CRITICAL] CWE-94 CVE-2015-8351: PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, w
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via
nvd
CVE-2017-20089P4MEDIUMCVSS 6.1v1.7.42022-06-23
CVE-2017-20089 [MEDIUM] CWE-80 CVE-2017-20089: A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This i
A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely.
nvd
CVE-2018-17884P4MEDIUMCVSS 6.1fixed in 2.5.42018-10-02
CVE-2018-17884 [MEDIUM] CWE-79 CVE-2018-17884: XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4
XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php
nvd
CVE-2021-24980P4MEDIUMCVSS 6.1fixed in 4.2.02021-12-27
CVE-2021-24980 [MEDIUM] CWE-79 CVE-2021-24980: The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_e
The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in an admin page
nvd