Platform
php
Component
my-smtp-contact-plugin
Fixed in
1.1.2
CVE-2021-47830 describes a cross-site request forgery (CSRF) vulnerability affecting versions 1.1.1–1.1.1 of the My SMTP Contact Plugin for GetSimple CMS. This vulnerability allows attackers to manipulate SMTP configuration settings within the plugin if an authenticated administrator visits a malicious webpage. While it doesn't directly lead to remote code execution, it can enable unauthorized changes to email server settings.
The primary impact of this CSRF vulnerability lies in the potential for unauthorized modification of SMTP configuration settings. An attacker could leverage this to redirect email traffic, potentially leading to phishing campaigns or denial-of-service scenarios by disrupting legitimate email delivery. While direct remote code execution is not possible, the ability to control email routing can be exploited for various malicious purposes, including data exfiltration or impersonation. The blast radius extends to any users who rely on the GetSimple CMS site for email communication.
This vulnerability was publicly disclosed on 2026-01-21. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. The probability of exploitation is considered low due to the lack of readily available exploits and the requirement for an authenticated administrator to be targeted.
Administrators of GetSimple CMS sites using the My SMTP Contact Plugin versions 1.1.1–1.1.1 are at risk. Sites with shared hosting environments or those that haven't implemented robust security practices are particularly vulnerable.
• wordpress / composer / npm:
grep -r 'smtp_host = ' /var/www/html/plugins/my-smtp-contact-plugin/
• generic web:
curl -I https://example.com/plugins/my-smtp-contact-plugin/admin.php | grep -i 'csrf token'
disclosure
Exploit status
EPSS
0.07% (22nd percentile)
CISA SSVC
The most effective mitigation is to upgrade to a patched version of the My SMTP Contact Plugin as soon as it becomes available. Until a patch is released, implement strict input validation on all parameters related to SMTP configuration. Consider adding CSRF tokens to all relevant forms and actions within the plugin to prevent unauthorized requests. Web application firewalls (WAFs) can be configured to detect and block suspicious requests exhibiting CSRF patterns. Regularly review SMTP configuration settings for any unexpected changes.
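The CSRF-token mitigation recommended above, as an added example that is not part of this advisory or of the My SMTP Contact Plugin's own code: a synchronizer-token pattern for a PHP admin settings form, where the token is checked before any SMTP setting is touched. The function names, the smtp_host/smtp_port field names and the settings-storage location are assumptions made for the example.

```php
<?php
// Added example (not the plugin's own code): synchronizer-token CSRF
// protection for an admin settings form. All names here are hypothetical.
declare(strict_types=1);

session_start();

const CSRF_TOKEN_KEY = 'my_smtp_contact_csrf_token';

/**
 * Return the per-session CSRF token, creating it on first use.
 * random_bytes() is CSPRNG-backed; 32 bytes become 64 hex characters.
 */
function csrf_token(): string
{
    if (empty($_SESSION[CSRF_TOKEN_KEY])) {
        $_SESSION[CSRF_TOKEN_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_TOKEN_KEY];
}

/**
 * Constant-time comparison of the submitted token against the session token.
 * A request with a missing token can never pass.
 */
function csrf_token_is_valid(?string $submitted): bool
{
    $expected = $_SESSION[CSRF_TOKEN_KEY] ?? null;
    if (!is_string($expected) || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

/** Render the settings form with the token embedded as a hidden field. */
function smtp_settings_form(array $current): string
{
    $h = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<form method="post" action="">'
        . '<input type="hidden" name="csrf_token" value="' . $h(csrf_token()) . '">'
        . '<label>SMTP host <input name="smtp_host" value="' . $h((string)($current['smtp_host'] ?? '')) . '"></label>'
        . '<label>SMTP port <input name="smtp_port" value="' . $h((string)($current['smtp_port'] ?? '587')) . '"></label>'
        . '<button type="submit">Save</button>'
        . '</form>';
}

/**
 * Handle the POST. The token check runs first: a forged cross-site request
 * cannot read the victim's session token, so it is rejected with 403 and
 * nothing is written. Input validation follows only for genuine requests.
 */
function handle_smtp_settings_post(array $post, callable $save): bool
{
    if (!csrf_token_is_valid($post['csrf_token'] ?? null)) {
        http_response_code(403);
        return false;
    }
    $host = trim((string)($post['smtp_host'] ?? ''));
    $port = filter_var(
        $post['smtp_port'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]
    );
    if ($host === '' || $port === false || !preg_match('/^[A-Za-z0-9.-]+$/', $host)) {
        http_response_code(400);
        return false;
    }
    $save(['smtp_host' => $host, 'smtp_port' => $port]);
    return true;
}

// Hypothetical persistence: the real plugin stores settings elsewhere.
$save_settings = static function (array $settings): void {
    file_put_contents(__DIR__ . '/PLACEHOLDER-smtp-settings.json', json_encode($settings));
};

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    handle_smtp_settings_post($_POST, $save_settings);
} else {
    echo smtp_settings_form(['smtp_host' => '', 'smtp_port' => 587]);
}
```

The token lives in the administrator's session and is compared with hash_equals(), so a page on another origin can neither read it nor brute-force it through timing. Settings are only persisted after both the token and the field values pass, which is the order the advisory's two interim mitigations (CSRF tokens, input validation) should run in.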
Update the My SMTP Contact plugin to the latest available version to mitigate the CSRF vulnerability. Verify that the plugin's settings are protected against unauthorized modification. Implement additional security measures, such as input validation and protection against CSRF attacks in general.
CVE-2021-47830 is a cross-site request forgery (CSRF) vulnerability in My SMTP Contact Plugin versions 1.1.1–1.1.1 for GetSimple CMS, allowing attackers to modify SMTP settings.
You are affected if you are using My SMTP Contact Plugin versions 1.1.1–1.1.1 in your GetSimple CMS installation.
Upgrade to a patched version of the plugin as soon as it's available. Implement input validation and CSRF tokens as interim mitigation.
There is no confirmed active exploitation of CVE-2021-47830 at this time, but the potential for exploitation remains.
Refer to the GetSimple CMS website and security advisories for updates and official information regarding CVE-2021-47830.