CVE-2021-29400

A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
netexplorermy_smtp_contact
1.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://get-simple.info/extend/plugin/my-smtp-contact/1221/
http://get-simple.info/extend/plugin/my-smtp-contact/1221/