Reflected XSS Vulnerability in Gwolle Guestbook by Marcel Pol
CVE-2025-24710

7.1HIGH

Key Information:

Vendor: WordPress
Status: Gwolle Guestbook
Vendor: CVE Published:; 31 January 2025

Summary

A reflected XSS vulnerability exists in the Gwolle Guestbook, a popular plugin by Marcel Pol. This vulnerability arises from improper neutralization of user input during the generation of web pages. Attackers can exploit this flaw to inject malicious scripts, which can execute in the context of users’ browsers, leading to unauthorized actions or data theft. The affected versions range from n/a to 4.7.1, exposing users to significant security risks if not addressed promptly.

Affected Version(s)

Gwolle Guestbook <= 4.7.1

References

https://patchstack.com/database/wordpress/plugin/gwolle-g...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 31, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

Peter Thaleikis (Patchstack Alliance)