← Back to CVEs
CVE-2021-47830
MEDIUM6.5
Description
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.
CVE Details
CVSS v3.1 Score6.5
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published1/21/2026
Last Modified3/6/2026
Sourcenvd
Honeypot Sightings0
Affected Products
get-simple:getsimplecms
Weaknesses (CWE)
CWE-352
References
http://get-simple.info(disclosure@vulncheck.com)
https://github.com/GetSimpleCMS/GetSimpleCMS(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/49774(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/49798(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/getsimple-cms-my-smtp-contact-plugin-csrf(disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.