CSRF Vulnerability in My SMTP Contact v1.1.1 Plugin for GetSimple CMS Allows Unauthorized SMTP Setting Changes
CVE-2021-29400 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site.
Learn more about our Web App Pen Testing.