CVE-2025-5807 identifies a stored Cross-Site Scripting (XSS) vulnerability in the Gwolle Guestbook plugin for WordPress, versions up to and including 4.9.2. The vulnerability stems from insufficient sanitization and escaping of the 'gwolle_gb_content' parameter, which is used to store guestbook entries. Because the plugin fails to properly neutralize malicious input, an unauthenticated attacker can inject arbitrary JavaScript code that is stored persistently in the guestbook database. When any user accesses the affected guestbook page, the malicious script executes in their browser context, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vulnerability does not require authentication but does require user interaction (visiting the infected page). The CVSS 3.1 base score is 6.1 (medium), reflecting network attack vector, low attack complexity, no privileges required, user interaction required, and impacts on confidentiality and integrity with no availability impact. No patches or official fixes are currently linked, and no known exploits have been reported in the wild. The vulnerability is categorized under CWE-79, which covers improper neutralization of input during web page generation. Given the widespread use of WordPress and the popularity of guestbook plugins, this vulnerability poses a moderate risk to websites that have not updated or mitigated the issue.

The primary impact of CVE-2025-5807 is the compromise of user confidentiality and integrity on affected WordPress sites using the Gwolle Guestbook plugin. Attackers can inject malicious scripts that execute in the browsers of visitors, potentially stealing session cookies, redirecting users to phishing sites, or performing unauthorized actions on behalf of users. This can lead to account compromise, data leakage, and reputational damage for organizations. While availability is not directly affected, the indirect consequences of successful attacks may include loss of user trust and increased support costs. The vulnerability is exploitable remotely without authentication, increasing the attack surface. Organizations with public-facing WordPress sites that use this plugin are at risk, especially those with high traffic or sensitive user data. The lack of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as attackers may develop exploits in the future. The scope includes all versions of the plugin up to 4.9.2, affecting potentially thousands of websites worldwide.

To mitigate CVE-2025-5807, organizations should first check if they are using the Gwolle Guestbook plugin and identify the version. If possible, update the plugin to a version that addresses the vulnerability once released. In the absence of an official patch, apply manual mitigations such as implementing strict input validation and output encoding on the 'gwolle_gb_content' parameter to neutralize malicious scripts. Disable or restrict guestbook functionality if it is not essential to reduce the attack surface. Employ Web Application Firewalls (WAFs) with rules to detect and block typical XSS payloads targeting the guestbook parameter. Monitor guestbook entries for suspicious or unexpected content and remove any malicious entries promptly. Educate site administrators about the risks of accepting untrusted input and encourage regular security audits of plugins. Additionally, ensure that WordPress core and all plugins are kept up to date to minimize exposure to known vulnerabilities.