CVE-2021-47870
GetSimple CMS My SMTP Contact Plugin 1.1.2 - Stored XSS
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
GetSimple CMS My SMTP Contact Plugin 1.1.2 is affected by a stored cross-site scripting (XSS) vulnerability. The plugin attempts to sanitize user input with htmlspecialchars(), but the sanitization can be bypassed by passing dangerous characters as escaped hex bytes. An attacker can thereby inject arbitrary client-side code that executes in the administrator's browser when the administrator visits a malicious page.
| CWE | CWE-79 |
| Vendor | getsimple cms |
| Product | my smtp contact plugin |
| Published | Jan 21, 2026 |
| Last Updated | Apr 7, 2026 |
Affected Versions
GetSimple CMS / My SMTP Contact Plugin
1.1.2
References
github.com: https://github.com/boku7/gsSMTP-Csrf2Xss2RCE/
get-simple.info: http://get-simple.info
github.com: https://github.com/GetSimpleCMS/GetSimpleCMS
exploit-db.com: https://www.exploit-db.com/exploits/49798
vulncheck.com: https://www.vulncheck.com/advisories/getsimple-cms-my-smtp-contact-plugin-stored-xss
Credits
Bobby Cooke (boku)