CVE-2021-47830
MEDIUM WAF: Low
CVSS 6.5
Published: 2026-01-21
CWE-352
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.
WAF Coverage Analysis
Cross-Site Request Forgery (CSRF)
Low WAF Coverage
OWASP: A01:2021 Broken Access Control
Affected Software
| Vendor | Product | Version |
|---|---|---|
| get-simple | getsimplecms | 1.1.1 |
References
- get-simple.info (Product)
- github.com (Product)
- www.exploit-db.com (Exploit, Third Party Advisory, VDB Entry)
- www.exploit-db.com (Exploit, Third Party Advisory, VDB Entry)
- www.vulncheck.com (Third Party Advisory)