Getsimplecms
Monthly
GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. [CVSS 5.4 MEDIUM]
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. [CVSS 5.3 MEDIUM]
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. [CVSS 6.5 MEDIUM]
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server. [CVSS 7.2 HIGH]
GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htmlspecialchars(), but this can be bypassed by passing dangerous characters as escaped hex bytes. [CVSS 5.4 MEDIUM]
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side code into administrator browsers. [CVSS 5.3 MEDIUM]
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. [CVSS 6.5 MEDIUM]
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through plugin configuration parameters, leading to remote code execution on the server. [CVSS 7.2 HIGH]