CVE-2021-47778 HIGH

CVE-2021-47778: GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection

Vendor Get-Simple
Product My SMTP Contact Plugin
Weakness CWE-94 · Code injection
Published January 21, 2026
Last update April 7, 2026

CVSS base score

8.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server.

Key dates

02Disclosure timeline

January 21, 2026 CVE published
April 7, 2026 Record updated