WordPress Gwolle Guestbook Plugin Cross-Site Scripting Vulnerability (CNVD-2021-103362)

WordPress is the Wordpress Foundation’s suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress Gwolle Guestbook plugin has a cross-site scripting vulnerability in versions prior to 4.2.0, which stems from the plugin’s lack of user-supplied data and output data validation filtering in the gwolle_gb_user_email parameter. An attacker could use this vulnerability to execute JavaScript code on the client side.