CVE-2021-47830

MEDIUM

GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF

Title source: llm

Description

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.

Exploits (2)

exploitdb WORKING POC

by boku · pythonwebappsphp

https://www.exploit-db.com/exploits/49798

View Code ZIP pw:eip

exploitdb WORKING POC

by boku · pythonwebappsphp

https://www.exploit-db.com/exploits/49774

View Code ZIP pw:eip

References (5)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49774

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49798

[Various Sources] http://get-simple.info

[Various Sources] https://github.com/GetSimpleCMS/GetSimpleCMS

[Third Party Advisory] https://www.vulncheck.com/advisories/getsimple-cms-my-smtp-contact-plugin-csrf

Scores

CVSS v3 6.5

EPSS 0.0008

EPSS Percentile 24.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (2)

get-simple/getsimplecms 1.1.1

GetSimple CMS/My SMTP Contact Plugin 1.1.1

Published Jan 21, 2026

Tracked Since Feb 18, 2026