CVE-2021-47830 MEDIUM

CVE-2021-47830: GetSimple CMS My SMTP Contact Plugin 1.1.1 - CSRF

Vendor Getsimple Cms
Product My SMTP Contact Plugin
Weakness CWE-352 · CSRF
Published January 21, 2026
Last update April 7, 2026

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not directly enable remote code execution.

Key dates

02Disclosure timeline

January 21, 2026 CVE published
April 7, 2026 Record updated