This Gwolle Guestbook plugin is prone to remote file include vulnerability. It allows an attacker to include a remote file and get access to the server, because "abspath"parameter is not sanitized before it will be using in PHP require() function and “wp-load.php” file is included on the web server.
Upgrade the plugin.