ThreatPress

WordPress Vulnerabilities Database

WordPress Gwolle Guestbook Plugin 1.5.3 - Remote File Inclusion

Product
Gwolle Guestbook
Description
The Gwolle Guestbook plugin is prone to a remote file inclusion vulnerability. An attacker can include a remote file and gain access to the server because the "abspath" parameter is not sanitized before it is used in a PHP require() call that includes the "wp-load.php" file on the web server.
Solution
Upgrade the plugin.
Classification
Type Remote File Inclusion
References
Exploit-DB
CVE
Name CVE-2015-8351
Versions
Affected In <= 1.5.3
Fixed In 1.5.4
Disclosure date
2015-12-03
Credits
High-Tech Bridge SA
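
A log check for the request pattern in the Description above, as an added example that is not part of the original entry or the plugin's code: it flags access-log requests whose "abspath" parameter carries a URL scheme, stream wrapper or UNC path instead of a local directory. The combined log format, the `PLUGIN_DIR/endpoint.php` path and all sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request target inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# URL scheme or PHP stream wrapper (http://, ftp://, php://, data:) or a UNC path.
# Two or more scheme characters, so a Windows drive letter (C:\) is not flagged.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|\\\\)', re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding a few rounds deep."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_abspath(log_line):
    """Return the decoded abspath value if it points off-host, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == "abspath":
            value = fully_decode(value)
            if REMOTE_RE.match(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_abspath(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample entries; PLUGIN_DIR/endpoint.php is a placeholder path.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Dec/2015:10:00:01 +0000] "GET /wp-content/plugins/PLUGIN_DIR/endpoint.php?abspath=/var/www/html/ HTTP/1.1" 200 512',
    '198.51.100.7 - - [03/Dec/2015:10:00:05 +0000] "GET /wp-content/plugins/PLUGIN_DIR/endpoint.php?abspath=http://files.example.net/ HTTP/1.1" 200 0',
    '198.51.100.7 - - [03/Dec/2015:10:00:09 +0000] "GET /wp-content/plugins/PLUGIN_DIR/endpoint.php?abspath=%2568ttp%253A%252F%252Ffiles.example.net%252F HTTP/1.1" 200 0',
    '192.0.2.10 - - [03/Dec/2015:10:00:12 +0000] "GET /index.php?page=2 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: remote abspath -> {value}")
```

A hit on a site still running an affected version is a reason to review the host for compromise, not only to upgrade.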