WordPress Plugin Vulnerabilities

Gwolle Guestbook <= 1.5.3 - Remote File Inclusion (RFI)

Description

The Gwolle Guestbook WordPress plugin was affected by a Remote File Inclusion (RFI) security vulnerability.

Affects Plugins

Plugin icon
gwolle-gb
Fixed in 1.5.4

References

CVE
CVE-2015-8351
URL
https://www.immuniweb.com/advisory/HTB23275
URL
https://seclists.org/bugtraq/2015/Dec/8

Classification

Type
RFI
OWASP top 10
A1: Injection
CWE
CWE-98
CVSS
9.0 (critical)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
65d869e8-5c50-4c82-9101-6b533da0c207

Timeline

Publicly Published
2015-10-21 (about 10 years ago)
Added
2015-10-21 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-02-25
Title
Quantum <= 1.0 - Unauthenticated Local File Inclusion
Published
2024-11-11
Title
Classified Listing < 3.1.17 - Authenticated (Contributor+) Local File Inclusion
Published
2025-12-15
Title
ekommart < 4.3.1 - Authenticated (Contributor+) Local File Inclusion
Published
2025-12-28
Title
Fana < 1.1.36 - Authenticated (Contributor+) Local File Inclusion
Published
2024-09-24
Title
WP Newsletter Subscription <= 1.1 - Unauthenticated Local File Inclusion