CVE-2025-5807 is a medium-severity stored Cross-Site Scripting (XSS) vulnerability affecting the Gwolle Guestbook plugin for WordPress, versions up to and including 4.9.2. The vulnerability arises from improper neutralization of input during web page generation, specifically via the 'gwolle_gb_content' parameter. Due to insufficient input sanitization and output escaping, unauthenticated attackers can inject arbitrary malicious scripts into guestbook entries. These scripts execute in the context of any user who views the infected guestbook page, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim. The vulnerability does not require authentication but does require user interaction (visiting the infected page) and has a CVSS 3.1 base score of 6.1, reflecting a medium severity with low complexity for exploitation and a scope that affects confidentiality and integrity but not availability. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability is classified under CWE-79, indicating improper input neutralization during web page generation, a common vector for persistent XSS attacks in web applications.

For European organizations using WordPress sites with the Gwolle Guestbook plugin, this vulnerability poses a risk of client-side script injection that can compromise user data confidentiality and integrity. Attackers can steal session cookies, impersonate users, or perform actions on their behalf, potentially leading to unauthorized access to sensitive information or manipulation of site content. This is particularly concerning for organizations that rely on guestbook functionality for customer interaction, feedback, or community engagement, as it undermines user trust and can lead to reputational damage. While the vulnerability does not directly affect server availability, the indirect consequences of successful exploitation—such as data breaches or defacement—can have regulatory and compliance implications under GDPR and other European data protection laws. The unauthenticated nature of the attack increases the risk, as attackers do not need credentials to exploit the flaw, broadening the attack surface.

European organizations should immediately audit their WordPress installations to identify the presence of the Gwolle Guestbook plugin, especially versions up to 4.9.2. Until an official patch is released, administrators should consider disabling or removing the plugin to eliminate the attack vector. Implementing a Web Application Firewall (WAF) with rules to detect and block malicious script payloads targeting the 'gwolle_gb_content' parameter can provide interim protection. Additionally, applying Content Security Policy (CSP) headers can help mitigate the impact of injected scripts by restricting script execution sources. Site owners should also review guestbook entries for suspicious content and sanitize or remove any entries containing potentially malicious scripts. Monitoring web logs for unusual activity related to guestbook submissions and user sessions is advised. Finally, educating users about the risks of interacting with untrusted content and encouraging the use of updated browsers with built-in XSS protections can reduce exploitation likelihood.