CVE-2025-5807
📋 TL;DR
The Gwolle Guestbook WordPress plugin has a stored XSS vulnerability that allows unauthenticated attackers to inject malicious scripts into guestbook entries. These scripts execute when users view the compromised pages, potentially affecting all visitors. All WordPress sites using Gwolle Guestbook up to version 4.9.2 are vulnerable.
💻 Affected Systems
- Gwolle Guestbook WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, redirect users to malicious sites, perform actions on behalf of users, or install malware on visitor systems.
Likely Case
Attackers will inject scripts to steal session cookies or redirect users to phishing/malware sites, compromising user accounts and data.
If Mitigated
With proper web application firewalls and content security policies, script execution could be blocked, limiting impact to defacement only.
🎯 Exploit Status
The vulnerability is simple to exploit with basic web knowledge and no authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.9.3
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3316455/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Gwolle Guestbook and click 'Update Now'. 4. Verify version is 4.9.3 or higher.
🔧 Temporary Workarounds
Disable Guestbook Plugin
allTemporarily disable the vulnerable plugin until patching is possible
wp plugin deactivate gwolle-gb
Web Application Firewall Rule
allAdd WAF rule to block requests containing malicious scripts in gwolle_gb_content parameter
🧯 If You Can't Patch
- Disable the Gwolle Guestbook plugin immediately
- Implement Content Security Policy headers to restrict script execution
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Gwolle Guestbook version. If version is 4.9.2 or lower, you are vulnerable.Check Version:
wp plugin get gwolle-gb --field=versionVerify Fix Applied:
After updating, verify the plugin version shows 4.9.3 or higher in WordPress admin.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to guestbook submission endpoints with script tags in parameters
- Multiple guestbook entries from same IP with encoded payloads
Network Indicators:
- HTTP requests containing <script> tags or javascript: URIs in gwolle_gb_content parameter
SIEM Query:
source="wordpress.log" AND "gwolle_gb_content" AND ("<script>" OR "javascript:")