** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804.NOTE: this issue has been disputed by third party researchers, stating that the include_path variable is instantiated before use.Cross-site scripting (XSS) vulnerability in in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter.Advanced Guestbook is a PHP-based guestbook script.It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags handling, smilies, advanced guestbook codes and language support.Gwolle Guestbook is the Word Press guestbook you've just been looking for. Gwolle Guestbook is not just another guestbook for Word Press.
I will make a request on make/polyglots to have you added as validator for this plugin/locale.
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a ..
Don't use your 'comment' section the wrong way - install Gwolle Guestbook and have a real guestbook. and all that integrated in the stylish Word Press look. That's great, because Gwolle Guestbook enables you to import entries easily. You can start translating strings there for your locale.
The importer does not delete any of your data, so you can go back to your previous setup without loss of data, if you want to. Import is supported from: If you have a problem or a feature request, please post it on the plugin's support forum on They need to be validated though, so if there's no validator yet, and you want to apply for being validator (PTE), please post it on the support forum.
Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in and (2) the gb_id parameter in
NOTE: The index.php/entry vector might be resultant from CVE-2005-1548.