CVE-2021-47830 | THREATINT

Description

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.

PUBLISHED Reserved 2026-01-14 | Published 2026-01-21 | Updated 2026-01-22 | Assigner VulnCheck

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

Cross-Site Request Forgery (CSRF)

Product status

1.1.1

affected

Credits

Bobby Cooke (boku) finder

References

www.exploit-db.com/exploits/49774 (ExploitDB-49774) exploit

www.exploit-db.com/exploits/49798 (ExploitDB-49798) exploit

get-simple.info (GetSimple CMS Webpage) product

github.com/GetSimpleCMS/GetSimpleCMS (GetSimple CMS GitHub Repository) product

www.vulncheck.com/...tsimple-cms-my-smtp-contact-plugin-csrf (VulnCheck Advisory: GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF) third-party-advisory

cve.org (CVE-2021-47830)

nvd.nist.gov (CVE-2021-47830)

Download JSON