CVE-2021-47830

6.5 MEDIUM

📋 TL;DR

CVE-2021-47830 is a cross-site request forgery (CSRF) vulnerability in version 1.1.1 of the My SMTP Contact plugin for GetSimple CMS. The plugin's SMTP settings form accepts a POST without an anti-CSRF token, so an attacker who lures a logged-in administrator to a page under the attacker's control can have the administrator's own browser submit a forged request that rewrites the SMTP configuration. It affects administrators of sites running this plugin version. The outcome is an unauthorized configuration change; it does not by itself give remote code execution.

💻 Affected Systems

Products:
  • GetSimple CMS My SMTP Contact Plugin
Versions: 1.1.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires GetSimple CMS with the vulnerable plugin installed and an authenticated administrator session.

📦 What is this software?

GetSimple CMS is a lightweight, open-source PHP content management system that stores its data in flat XML files rather than a database. My SMTP Contact is a third-party plugin for it that adds a contact form to the site and delivers submissions through an SMTP server configured from the plugin's page in the admin panel. Those SMTP settings are what this vulnerability lets an attacker change.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could point the plugin at a mail server they control, so that every contact-form submission is delivered to them instead of to the site owner, or set an unreachable server and silently break the contact form. The first case leaks whatever visitors type into the form; the second is a service disruption that may go unnoticed for some time because nothing visibly fails for the visitor.

🟠

Likely Case

An attacker changes the SMTP settings so that contact-form submissions are relayed through a server they control, capturing the personal details and message content that visitors enter and, where convenient, forwarding the mail onward so the site owner does not notice.

🟢

If Mitigated

With proper CSRF protection (a per-request token that the server checks before saving) and administrator awareness, the forged request is rejected and the SMTP configuration stays unchanged.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation needs social engineering: the attacker must get an administrator who is currently logged in to GetSimple to open a page that auto-submits the forged settings request, and the browser must attach the admin session cookie to that cross-site POST. Browsers that treat cookies as SameSite=Lax by default withhold the cookie from most cross-site POSTs, but not every browser applies that default, so do not rely on it. Multiple public exploit examples exist.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.2 or later

Vendor Advisory: http://get-simple.info

Restart Required: No

Instructions:

1. Update the GetSimple CMS My SMTP Contact plugin to version 1.1.2 or later.
2. Verify the update was successful by checking the plugin version in the admin panel (Plugins > My SMTP Contact).

🔧 Temporary Workarounds

Implement CSRF Tokens

Applies to: all

If you cannot update immediately and maintain the plugin code yourself, add a per-request token (nonce) to the SMTP configuration form and reject any settings POST that does not carry a valid one. GetSimple's core exposes get_nonce() and check_nonce() for exactly this purpose, so the change is a hidden form field plus one check in the save handler.
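The following is an added example, written for this page and not taken from the My SMTP Contact plugin or from GetSimple's own source. It shows a plugin settings handler twice: first in the unprotected shape a CSRF bug of this kind has, then guarded with GetSimple's core nonce helpers get_nonce() and check_nonce(), with an Origin/Referer host comparison as a second check. The field names (smtp_host, smtp_port, smtp_user, smtp_pass), the nonce action name my_smtp_contact_save, and the settings file path are hypothetical; the real plugin's names differ.

```php
<?php
// Added example, not the plugin's own code. Assumes it runs inside the
// GetSimple admin (loaded via admin/load.php), where GSDATAOTHERPATH,
// get_nonce() and check_nonce() are defined by the core.
// Field names, nonce action name and settings path are hypothetical.

$settingsFile   = GSDATAOTHERPATH . 'my_smtp_contact_settings.xml';      // hypothetical
$settingsFields = array('smtp_host', 'smtp_port', 'smtp_user', 'smtp_pass'); // hypothetical

// Persist the posted values as a small XML document (GetSimple's usual storage).
function my_smtp_contact_write_settings($file, array $fields, array $post) {
    $xml = new SimpleXMLElement('<settings/>');
    foreach ($fields as $field) {
        $value = isset($post[$field]) ? $post[$field] : '';
        $xml->addChild($field, htmlspecialchars($value, ENT_QUOTES));
    }
    return $xml->asXML($file) !== false;
}

// BEFORE: every POST that carries the submit field is honoured. A page on
// another origin can auto-submit such a form in the administrator's browser,
// which attaches the admin session cookie, and the settings are rewritten.
function my_smtp_contact_save_unsafe($file, array $fields) {
    if (isset($_POST['save_smtp'])) {
        return my_smtp_contact_write_settings($file, $fields, $_POST);
    }
    return false;
}

// AFTER: the save is accepted only when the POST carries the nonce that this
// plugin's own form rendered, and, as a secondary check, when the browser's
// Origin (or Referer) header names this host. A missing header is tolerated
// because some proxies and privacy tools strip it; the nonce is the real gate.
function my_smtp_contact_save_safe($file, array $fields) {
    if (!isset($_POST['save_smtp'])) {
        return false;
    }
    $nonce = isset($_POST['nonce']) ? $_POST['nonce'] : '';
    if (!check_nonce($nonce, 'my_smtp_contact_save', 'load.php')) {
        die('Security token missing or invalid; SMTP settings were not saved.');
    }
    $origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN']
            : (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    $originHost = parse_url($origin, PHP_URL_HOST);
    $ownHost    = parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST);
    if (is_string($originHost) && strcasecmp($originHost, (string) $ownHost) !== 0) {
        die('Cross-site request rejected; SMTP settings were not saved.');
    }
    return my_smtp_contact_write_settings($file, $fields, $_POST);
}

// The settings form embeds the nonce as a hidden field. get_nonce() derives
// the value from the action name, the script name and the site's secret salt,
// so a page on another origin cannot compute it.
function my_smtp_contact_render_form(array $fields) {
    echo '<form method="post" action="load.php?id=my_smtp_contact">';
    echo '<input type="hidden" name="nonce" value="'
        . htmlspecialchars(get_nonce('my_smtp_contact_save', 'load.php'), ENT_QUOTES) . '">';
    foreach ($fields as $field) {
        $type = ($field === 'smtp_pass') ? 'password' : 'text';
        echo '<p><label>' . $field . ' <input type="' . $type . '" name="' . $field . '"></label></p>';
    }
    echo '<p><input type="submit" name="save_smtp" value="Save SMTP settings"></p>';
    echo '</form>';
}

// In the plugin's admin-page callback, handle the save before rendering:
//   my_smtp_contact_save_safe($settingsFile, $settingsFields);
//   my_smtp_contact_render_form($settingsFields);
```

After deploying a change like this, capture one legitimate save request with the browser's developer tools, replay it with the nonce field removed or altered, and confirm the server refuses it and the stored settings are untouched. The Origin comparison is kept secondary on purpose: it catches sloppy forgeries cheaply, but only the nonce proves the request came from a form the site itself rendered.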

Restrict Admin Access

Applies to: all

Limit the admin interface to trusted networks and accounts. This does not stop CSRF on its own: the forged request is sent by the administrator's own browser, from whatever network the administrator is already on, so treat this as reducing who can hold a session rather than as closing the hole.

🧯 If You Can't Patch

  • Disable the My SMTP Contact plugin entirely and use another contact-form solution until a fixed version is in place.
  • Add a web application firewall or reverse-proxy rule that blocks POST requests to the plugin's admin endpoint (/admin/load.php?id=my_smtp_contact) whose Origin or Referer header names a different site. Prefer the Origin header, which browsers send on cross-site POSTs, and test the rule against a legitimate save first, since some browsers and privacy extensions strip Referer.

🔍 How to Verify

Check if Vulnerable:

Open the GetSimple CMS admin panel and go to Plugins > My SMTP Contact. If the version shown is 1.1.1, the system is vulnerable.

Check Version:

Check via GetSimple CMS admin interface: Plugins > My SMTP Contact

Verify Fix Applied:

After updating, confirm the plugin version shows 1.1.2 or later in the admin panel. Then open the SMTP configuration form and check that a hidden anti-CSRF token is submitted with it: replay a captured save request with the token removed or altered and confirm the server rejects it and leaves the settings unchanged.

📡 Detection & Monitoring

Log Indicators:

  • SMTP configuration changes in the admin or plugin logs that no administrator remembers making
  • Settings saves that coincide with an administrator browsing unrelated sites; the forged request arrives from the administrator's own IP address and session, so do not expect an unusual source address

Network Indicators:

  • POST requests to /admin/load.php?id=my_smtp_contact whose Origin or Referer header is missing or points to another site (and, once the fix is in place, any save that lacks the token field)
  • Unusual traffic patterns to admin configuration pages

SIEM Query:

source="webserver" AND (uri="/admin/load.php?id=my_smtp_contact" OR uri CONTAINS "my_smtp_contact") AND method="POST"
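The scanner below is an added example for the network indicators and the SIEM query above; it is not part of the advisory. It reads web-server access log lines in the common "combined" format (which includes the Referer), keeps only POSTs to the plugin's admin endpoint, and flags those whose Referer is absent or belongs to another host. The log lines are constructed for the example, and the protected hostname www.example.com is an assumption.

```php
<?php
// Added example, not from the advisory. Flags settings POSTs to the plugin's
// admin endpoint whose Referer is absent or names another origin.
// The log lines are constructed; www.example.com is an assumed site host.

$siteHost = 'www.example.com';

$logLines = array(
    '203.0.113.7 - - [10/Mar/2024:10:01:02 +0000] "GET /admin/load.php?id=my_smtp_contact HTTP/1.1" 200 4311 "https://www.example.com/admin/plugins.php" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:01:40 +0000] "POST /admin/load.php?id=my_smtp_contact HTTP/1.1" 200 4311 "https://www.example.com/admin/load.php?id=my_smtp_contact" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:07:15 +0000] "POST /admin/load.php?id=my_smtp_contact HTTP/1.1" 200 4311 "http://attacker.example/lure.html" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:09:00 +0000] "POST /admin/load.php?id=my_smtp_contact HTTP/1.1" 200 4311 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2024:10:10:31 +0000] "POST /admin/index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
);

// Parse one combined-format line into its fields; null if the line does not match.
function parse_combined_line($line) {
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return array(
        'ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'uri' => $m[4],
        'status' => (int) $m[5], 'referer' => $m[6], 'ua' => $m[7],
    );
}

// True for a POST whose path ends in load.php with id=my_smtp_contact in the query.
function is_plugin_settings_post(array $req) {
    if ($req['method'] !== 'POST') {
        return false;
    }
    $path  = (string) parse_url($req['uri'], PHP_URL_PATH);
    $query = (string) parse_url($req['uri'], PHP_URL_QUERY);
    parse_str($query, $params);
    return basename($path) === 'load.php'
        && isset($params['id']) && $params['id'] === 'my_smtp_contact';
}

// Classify the Referer as same-site, cross-site, or missing ("-" in the log).
function classify_referer($referer, $siteHost) {
    if ($referer === '' || $referer === '-') {
        return 'missing';
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return (is_string($host) && strcasecmp($host, $siteHost) === 0) ? 'same-site' : 'cross-site';
}

// Return the settings POSTs that did not come from the site's own pages.
function find_suspicious_posts(array $lines, $siteHost) {
    $hits = array();
    foreach ($lines as $line) {
        $req = parse_combined_line($line);
        if ($req === null || !is_plugin_settings_post($req)) {
            continue;
        }
        $verdict = classify_referer($req['referer'], $siteHost);
        if ($verdict === 'same-site') {
            continue;
        }
        $hits[] = array('ip' => $req['ip'], 'time' => $req['time'],
                        'referer' => $req['referer'], 'reason' => $verdict);
    }
    return $hits;
}

foreach (find_suspicious_posts($logLines, $siteHost) as $hit) {
    printf("[%s] %s POST to my_smtp_contact settings, referer %s (%s)\n",
        $hit['time'], $hit['ip'], $hit['referer'], $hit['reason']);
}
```

On the constructed input this reports two of the five lines: the save whose Referer is the attacker's lure page and the save with no Referer at all. The first is a strong signal; the second is weaker because privacy settings and some proxies strip Referer from legitimate requests, so confirm it against the plugin's stored settings before acting. Note that every flagged request carries the administrator's usual IP address, which is exactly what a CSRF looks like in the logs. Adjust the regular expression if your server uses a different log format, and log the Origin header as well if you can, since browsers send it on cross-site POSTs even when Referer is suppressed.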
