CVE-2021-47830

MEDIUM

GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF

Title source: llm

Description

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.

Exploits (2)

exploitdb WORKING POC

by boku · pythonwebappsphp

https://www.exploit-db.com/exploits/49798

View Code ZIP pw:eip

exploitdb WORKING POC

by boku · pythonwebappsphp

https://www.exploit-db.com/exploits/49774

View Code ZIP pw:eip

References (5)

[Various Sources] http://get-simple.info

[Various Sources] https://github.com/GetSimpleCMS/GetSimpleCMS

[Third Party Advisory] https://www.vulncheck.com/advisories/getsimple-cms-my-smtp-contact-plugin-csrf

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49774

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49798

Scores

CVSS v3 6.5

EPSS 0.0007

EPSS Percentile 22.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-352

Status published

Affected Products (1)

get-simple/getsimplecms

Timeline

Published Jan 21, 2026

Tracked Since Feb 18, 2026