Gwolle Guestbook Security & Risk Analysis

wordpress.org/plugins/gwolle-gb

Gwolle Guestbook is the WordPress guestbook you've just been looking for. Beautiful and easy.

20K active installs · v4.10.1 · PHP 7.0+ · WP 4.1+ · Updated Feb 6, 2026

Tags: gastebuch, guest-book, guestbook, livre-dor, review

Security score: 89/100 (A · Safe)
CVEs total: 7
Unpatched: 0
Last CVE: Jul 9, 2025
Safety Verdict

Is Gwolle Guestbook Safe to Use in 2026?

Generally Safe

Score 89/100

Gwolle Guestbook has a strong security track record. Known vulnerabilities have been patched promptly.

7 known CVEs · Last CVE: Jul 9, 2025 · Updated 1mo ago
Risk Assessment

The "gwolle-gb" plugin has a mixed security posture. On the positive side, the static analysis counts 18 nonce checks and 26 capability checks, 56% of SQL queries (40 of 72) use prepared statements, and no dangerous functions or bundled third-party libraries were found. On the negative side, the attack surface is substantial: 6 of the 7 AJAX handlers are flagged as lacking authentication checks, and only 66% of output statements (327 of 492) are escaped, in a plugin whose CVE history is dominated by cross-site scripting. No critical or high severity taint flows were identified, but 2 of the 8 data flows reach a sink along an unsanitized path and warrant review. The history of 7 known vulnerabilities, a critical PHP remote file inclusion (2015), a high severity CSRF (2017) and five medium severity XSS issues, shows that new vulnerabilities continue to be found. All of them are patched, and the two 2025 XSS issues were fixed within one and four days of disclosure, so the recent CVE date reflects ongoing researcher attention rather than neglect. One caveat when reading the AJAX figure: three of the handlers are registered on wp_ajax_nopriv_ hooks, which WordPress serves to unauthenticated visitors by design (the guestbook form, infinite scroll and check_by_email endpoints). For those, the relevant question is not whether a login is required but whether each request is nonce-checked and its input sanitized before it reaches the database or the rendered page.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized paths in taint flows
  • History of critical CVEs
  • History of high CVEs
  • History of medium CVEs
  • Recent vulnerability reported (2025-07-09)
Vulnerabilities (7)

Gwolle Guestbook Security Vulnerabilities

CVEs by Year

2015: 1 · 2017: 2 · 2018: 1 · 2021: 1 · 2025: 2 (all patched)

Severity Breakdown

Critical: 1 · High: 1 · Medium: 5 (7 total CVEs)

CVE-2025-5807 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gwolle Guestbook <= 4.9.2 - Unauthenticated Stored Cross-Site Scripting via `gwolle_gb_content` Parameter

Jul 9, 2025 · Patched in 4.9.3 (1d)

CVE-2025-24710 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gwolle Guestbook <= 4.7.1 - Reflected Cross-Site Scripting

Jan 31, 2025 · Patched in 4.7.2 (4d)

CVE-2021-24980 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gwolle Guestbook <= 4.1.2 - Reflected Cross-Site Scripting

Nov 23, 2021 · Patched in 4.2 (791d)

CVE-2018-17884 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gwolle Guestbook <= 2.5.3 - Cross-Site Scripting

Jul 28, 2018 · Patched in 2.5.4 (2005d)

WF-96f1ede7-ec36-4edf-baee-5e41907290af-gwolle-gb · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Gwolle Guestbook <= 2.1.0 - Stored Cross-Site Scripting

Mar 1, 2017 · Patched in 2.1.1 (2519d)

WF-ed61a6b5-5c54-408b-973c-69b0f12d2df5-gwolle-gb · high · 8.8 · Cross-Site Request Forgery (CSRF)

Gwolle Guestbook <= 2.1.0 - Cross-Site Request Forgery

Mar 1, 2017 · Patched in 2.1.1 (2519d)

CVE-2015-8351 · critical · 9 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Gwolle Guestbook <= 1.5.3 - Remote File Inclusion

Nov 4, 2015 · Patched in 1.5.4 (3002d)
Code Analysis
Analyzed Mar 16, 2026

Gwolle Guestbook Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 32 (40 prepared)
Unescaped Output: 165 (327 escaped)
Nonce Checks: 18
Capability Checks: 26
File Operations: 3
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

56% prepared · 72 total queries (40 prepared, 32 raw)

Output Escaping

66% escaped · 492 total outputs (327 escaped, 165 unescaped)

Data Flows (2 unsanitized)

Data Flow Analysis

8 flows · 2 with unsanitized paths

gwolle_gb_infinite_scroll_callback (frontend/gb-ajax-infinite-scroll.php:14)
Attack Surface (6 unprotected)

Gwolle Guestbook Attack Surface

Entry Points: 12
Unprotected: 6

AJAX Handlers (7)

"auth" marks a wp_ajax_{action} registration, which WordPress runs only for logged-in users; "nopriv" marks the wp_ajax_nopriv_{action} registration for the same action, which admin-ajax.php serves to unauthenticated visitors.

auth · wp_ajax_gwolle_gb_ajax · admin/gb-ajax-management.php:330
auth · wp_ajax_gwolle_gb_infinite_scroll · frontend/gb-ajax-infinite-scroll.php:95
nopriv · wp_ajax_gwolle_gb_infinite_scroll · frontend/gb-ajax-infinite-scroll.php:96
auth · wp_ajax_gwolle_gb_form_ajax · frontend/gb-form-ajax.php:43
nopriv · wp_ajax_gwolle_gb_form_ajax · frontend/gb-form-ajax.php:44
auth · wp_ajax_gwolle_gb_check_by_email · functions/gb-mail.php:491
nopriv · wp_ajax_gwolle_gb_check_by_email · functions/gb-mail.php:492

Shortcodes (5)

[gwolle_gb_widget] · frontend/gb-shortcode-widget.php:131
[gwolle-gb] · frontend/gb-shortcodes.php:82
[gwolle_gb] · frontend/gb-shortcodes.php:83
[gwolle_gb_write] · frontend/gb-shortcodes.php:123
[gwolle_gb_read] · frontend/gb-shortcodes.php:165
WordPress Hooks (48)

action · admin_footer · admin/gb-ajax-management.php:15
action · wp_dashboard_setup · admin/gb-dashboard-widget.php:169
action · admin_menu · admin/gb-page-add-on.php:19
action · admin_init · admin/gb-page-export.php:120
action · admin_init · admin/gb-page-export.php:285
action · admin_menu · admin/gwolle-gb-hooks.php:75
action · admin_enqueue_scripts · admin/gwolle-gb-hooks.php:84
filter · plugin_action_links · admin/gwolle-gb-hooks.php:106
action · admin_init · admin/gwolle-gb-hooks.php:137
action · admin_notices · admin/gwolle-gb-hooks.php:173
filter · gwolle_gb_new_entry_frontend · frontend/gb-blocklist.php:94
action · init · frontend/gb-blocklist.php:109
action · wp · frontend/gb-form-posthandling.php:20
filter · gwolle_gb_new_entry_frontend · frontend/gb-form-posthandling.php:544
filter · gwolle_gb_new_entry_frontend · frontend/gb-form-posthandling.php:577
action · init · frontend/gb-rss.php:14
action · wp_head · frontend/gb-rss.php:45
filter · feed_content_type · frontend/gb-rss.php:57
filter · gwolle_gb_entries_list_before · frontend/gb-total.php:73
action · widgets_init · frontend/gb-widget-search.php:118
action · widgets_init · frontend/gb-widget.php:446
action · wp_footer · functions/gb-bbcode_emoji.php:343
action · gwolle_gb_save_entry_admin · functions/gb-cache.php:92
action · gwolle_gb_save_entry_frontend · functions/gb-cache.php:93
action · init · functions/gb-capabilities.php:37
filter · gwolle_gb_entry_the_author_name · functions/gb-get_entries_from_search.php:340
filter · gwolle_gb_entry_the_content · functions/gb-get_entries_from_search.php:341
filter · gwolle_gb_entry_the_admin_reply · functions/gb-get_entries_from_search.php:342
action · gwolle_gb_delete_entry · functions/gb-log.php:268
action · gwolle_gb_save_entry_frontend · functions/gb-mail.php:147
action · gwolle_gb_save_entry_frontend · functions/gb-mail.php:229
filter · gwolle_gb_mail_moderators_body · functions/gb-mail.php:438
filter · gwolle_gb_entry_metabox_lines · functions/gb-metabox.php:28
filter · gwolle_gb_entry_metabox_lines · functions/gb-metabox.php:53
action · save_post · functions/gb-post-meta.php:42
filter · the_content · functions/gb-post-meta.php:80
filter · is_protected_meta · functions/gb-post-meta.php:103
action · admin_init · functions/gb-privacy.php:48
filter · wp_privacy_personal_data_exporters · functions/gb-privacy.php:67
filter · wp_privacy_personal_data_erasers · functions/gb-privacy.php:232
action · admin_init · functions/gb-settings.php:55
action · deleted_user · functions/gb-user.php:116
action · init · gwolle-gb-hooks.php:40
action · wpmu_new_blog · gwolle-gb-hooks.php:56
action · wp_initialize_site · gwolle-gb-hooks.php:73
action · wp_enqueue_scripts · gwolle-gb-hooks.php:99
action · init · gwolle-gb-hooks.php:158
action · admin_bar_menu · gwolle-gb-hooks.php:199
Maintenance & Trust

Gwolle Guestbook Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 6, 2026
PHP min version: 7.0
Downloads: 1.5M

Community Trust

Rating: 96/100
Number of ratings: 114
Active installs: 20K
Developer Profile

Gwolle Guestbook Developer Profile

Marcel Pol

18 plugins · 82K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 1119 days
Detection Fingerprints

How We Detect Gwolle Guestbook

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gwolle-gb/frontend/css/gwolle-gb-frontend.css
/wp-content/plugins/gwolle-gb/frontend/css/gwolle-gb-widget.css
/wp-content/plugins/gwolle-gb/frontend/js/gwolle-gb-frontend.js
/wp-content/plugins/gwolle-gb/frontend/js/gwolle-gb-widget.js

Script Paths
/wp-content/plugins/gwolle-gb/frontend/js/gwolle-gb-frontend.js
/wp-content/plugins/gwolle-gb/frontend/js/gwolle-gb-widget.js

Version Parameters
gwolle-gb/frontend/css/gwolle-gb-frontend.css?ver=
gwolle-gb/frontend/css/gwolle-gb-widget.css?ver=
gwolle-gb/frontend/js/gwolle-gb-frontend.js?ver=
gwolle-gb/frontend/js/gwolle-gb-widget.js?ver=

HTML / DOM Fingerprints

CSS Classes
gwolle-gb, gwolle-gb-form, gwolle-gb-entries, gwolle-gb-entry, gwolle-gb-widget-wrapper

HTML Comments
"Gwolle Guestbook", "end Gwolle Guestbook"

Data Attributes
data-gwolle-gb-form-id

JS Globals
gwolle_gb_frontend_params, gwolle_gb_widget_params

REST Endpoints
/wp-json/gwolle-gb/

Shortcode Output
[gwolle_gb], [gwolle_gb_list]
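As an added example (not code from this page or from the plugin itself), the following Python script ties the Detection Fingerprints above to the CVE list earlier on the page: it looks for the listed asset paths, CSS classes, JS globals, data attribute and HTML comment markers in a page's HTML, reads the plugin version from the `?ver=` parameter on the enqueued assets, and reports which of the seven listed issues that version is still affected by, using the "Patched in" versions from the CVE table as fix thresholds. The sample HTML is constructed, not captured from a real site; the `example.invalid` host, the exact `<!-- Gwolle Guestbook -->` comment form and the `var gwolle_gb_frontend_params = {...}` shape of the localized script are assumptions.

```python
"""Fingerprint Gwolle Guestbook in fetched HTML and triage its version against the CVE table."""
import re

# Markers taken from the "Detection Fingerprints" section of this page.
ASSET_PATHS = (
    "/wp-content/plugins/gwolle-gb/frontend/css/gwolle-gb-frontend.css",
    "/wp-content/plugins/gwolle-gb/frontend/css/gwolle-gb-widget.css",
    "/wp-content/plugins/gwolle-gb/frontend/js/gwolle-gb-frontend.js",
    "/wp-content/plugins/gwolle-gb/frontend/js/gwolle-gb-widget.js",
)
CSS_CLASSES = ("gwolle-gb", "gwolle-gb-form", "gwolle-gb-entries",
               "gwolle-gb-entry", "gwolle-gb-widget-wrapper")
JS_GLOBALS = ("gwolle_gb_frontend_params", "gwolle_gb_widget_params")
DATA_ATTR = "data-gwolle-gb-form-id"
# Assumed comment form; the page lists only the comment text.
COMMENT_RE = re.compile(r"<!--\s*(end )?Gwolle Guestbook\s*-->")

# "Patched in" versions from the CVE list on this page: anything older is affected.
CVE_FIXED_IN = {
    "CVE-2025-5807": "4.9.3",
    "CVE-2025-24710": "4.7.2",
    "CVE-2021-24980": "4.2",
    "CVE-2018-17884": "2.5.4",
    "WF-96f1ede7-ec36-4edf-baee-5e41907290af-gwolle-gb": "2.1.1",
    "WF-ed61a6b5-5c54-408b-973c-69b0f12d2df5-gwolle-gb": "2.1.1",
    "CVE-2015-8351": "1.5.4",
}

# The four "Version Parameters" patterns, followed by the version string.
_VER_RE = re.compile(
    r"gwolle-gb/frontend/(?:css|js)/gwolle-gb-(?:frontend|widget)\.(?:css|js)\?ver=([0-9][0-9.]*)")


def parse_version(text):
    """'4.9.3' -> (4, 9, 3). Tuple comparison orders versions numerically,
    so 4.10.1 > 4.9.3 and 4.2 > 4.1.2, where a string compare would fail."""
    return tuple(int(part) for part in text.strip().split("."))


def _class_tokens(html):
    """All class tokens in the document, so 'gwolle-gb' does not match inside 'gwolle-gb-form'."""
    tokens = set()
    for value in re.findall(r'class="([^"]*)"', html):
        tokens.update(value.split())
    return tokens


def detect_gwolle_gb(html):
    """Return {'detected': bool, 'evidence': [...], 'version': str | None}.

    The ?ver= value is whatever the site enqueued the asset with. It normally
    tracks the plugin version, but a site can strip or override it, so treat
    it as a hint for triage, not as proof of the installed version."""
    evidence = []
    for path in ASSET_PATHS:
        if path in html:
            evidence.append("asset:" + path.rsplit("/", 1)[1])
    tokens = _class_tokens(html)
    evidence += ["class:" + cls for cls in CSS_CLASSES if cls in tokens]
    for name in JS_GLOBALS:
        if re.search(r"\bvar\s+%s\b" % name, html):
            evidence.append("jsglobal:" + name)
    if DATA_ATTR in html:
        evidence.append("attr:" + DATA_ATTR)
    if COMMENT_RE.search(html):
        evidence.append("comment:Gwolle Guestbook")
    match = _VER_RE.search(html)
    version = match.group(1).rstrip(".") if match else None
    return {"detected": bool(evidence), "evidence": evidence, "version": version}


def affected_cves(version):
    """Identifiers from CVE_FIXED_IN whose fix is newer than the installed version."""
    installed = parse_version(version)
    return sorted(cve for cve, fixed in CVE_FIXED_IN.items()
                  if installed < parse_version(fixed))


def triage(html):
    """Detect the plugin and, if a version is exposed, list issues it is still affected by."""
    result = detect_gwolle_gb(html)
    result["affected_cves"] = affected_cves(result["version"]) if result["version"] else None
    return result


# Constructed sample (not from a real site): a guestbook page on an install one
# release behind CVE-2025-5807's fix, exposing the asset version.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://example.invalid/wp-content/plugins/gwolle-gb/frontend/css/gwolle-gb-frontend.css?ver=4.9.2" />
<script src="https://example.invalid/wp-content/plugins/gwolle-gb/frontend/js/gwolle-gb-frontend.js?ver=4.9.2"></script>
<script>var gwolle_gb_frontend_params = {"ajaxurl":"https:\\/\\/example.invalid\\/wp-admin\\/admin-ajax.php"};</script>
</head><body>
<!-- Gwolle Guestbook -->
<div class="gwolle-gb"><form class="gwolle-gb-form" data-gwolle-gb-form-id="1"></form>
<div class="gwolle-gb-entries"><div class="gwolle-gb-entry"></div></div></div>
<!-- end Gwolle Guestbook -->
</body></html>"""

if __name__ == "__main__":
    report = triage(SAMPLE_HTML)
    print("detected:", report["detected"], "version:", report["version"])
    print("evidence:", ", ".join(report["evidence"]))
    print("affected:", report["affected_cves"])
```

Run against a saved page, the script reports detection evidence, the exposed version and the open items from the table above; a version of 4.10.1 (the current release) yields an empty list, while 4.9.2 in the constructed sample is flagged for CVE-2025-5807 only. Because `?ver=` can be missing or rewritten by caching plugins, a confirmed version should come from the plugin's readme or the wp.org changelog on a site you are authorised to audit, with the fingerprint used for discovery.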
FAQ

Frequently Asked Questions about Gwolle Guestbook