U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:gwolle_guestbook_project:gwolle_guestbook:0.9.4.6:*:*:*:*:wordpress:*:*
  • CPE Name Search: true
There are 3 matching records.
Displaying matches 1 through 3.
Vuln ID Summary CVSS Severity
CVE-2021-24980

The Gwolle Guestbook WordPress plugin before 4.2.0 does not sanitise and escape the gwolle_gb_user_email parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in an admin page

Published: December 27, 2021; 6:15:09 AM -0500 		V4.0:(not available)
 V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-17884

XSS exists in admin/gb-dashboard-widget.php in the Gwolle Guestbook (gwolle-gb) plugin before 2.5.4 for WordPress via the PATH_INFO to wp-admin/index.php

Published: October 02, 2018; 2:29:02 PM -0400 		V4.0:(not available)
 V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2015-8351

PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled.

Published: September 11, 2017; 4:29:00 PM -0400 		V4.0:(not available)
 V3.0: 9.0 CRITICAL
V2.0: 6.8 MEDIUM