CSRF Vulnerability in My SMTP Contact v1.1.1 Plugin for GetSimple CMS Allows Unauthorized SMTP Setting Changes

CSRF Vulnerability in My SMTP Contact v1.1.1 Plugin for GetSimple CMS Allows Unauthorized SMTP Setting Changes

CVE-2021-29400 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

A cross-site request forgery (CSRF) vulnerability in the My SMTP Contact v1.1.1 plugin for GetSimple CMS allows remote attackers to change the SMTP settings of the contact forms for the webpages of the CMS after an authenticated admin visits a malicious third-party site.

Learn more about our Web App Pen Testing.