CVE-2021-47778

UNKNOWN 0.0

GetSimple CMS My SMTP Contact Plugin 1.1.2 - PHP Code Injection

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server.

CWE	CWE-94
Vendor	get-simple
Product	my smtp contact plugin
Published	Jan 21, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for get-simple my smtp contact plugin

Be the first to know when new unknown vulnerabilities affecting get-simple my smtp contact plugin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Get-Simple / My SMTP Contact Plugin

1.1.2

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/49774 get-simple.info: http://get-simple.info github.com: https://github.com/GetSimpleCMS/GetSimpleCMS github.com: https://github.com/boku7/gsSMTP-Csrf2Xss2RCE/ vulncheck.com: https://www.vulncheck.com/advisories/getsimple-cms-my-smtp-contact-plugin-php-code-injection

Credits

Bobby Cooke (boku)