CVE-2021-47830

EUVD-2026-3644
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.
CSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
get-simplegetsimplecms
1.1.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://get-simple.info
https://github.com/GetSimpleCMS/GetSimpleCMS
https://www.exploit-db.com/exploits/49774
https://www.exploit-db.com/exploits/49798
https://www.vulncheck.com/advisories/getsimple-cms-my-smtp-contact-plugin-csrf