Get-simple Getsimplecms
21 CVEs affecting Get-simple Getsimplecms. Latest disclosed: 2026-01-21. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-46042 | Critical | 9.8 | 2023-10-19 | An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). |
CVE-2020-18191 | Critical | 9.1 | 2020-10-02 | GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php |
CVE-2013-10032 | High | 8.8 | 2025-07-25 | An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to… |
CVE-2021-47778 | High | 7.2 | 2026-01-21 | GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through pl… |
CVE-2021-28976 | High | 7.2 | 2021-06-23 | Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess. |
CVE-2021-47830 | Medium | 6.5 | 2026-01-21 | GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visit… |
CVE-2021-36601 | Medium | 6.1 | 2021-08-10 | GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter. |
CVE-2020-18660 | Medium | 6.1 | 2021-06-23 | GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter. |
CVE-2020-18659 | Medium | 6.1 | 2021-06-23 | Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php |
CVE-2020-18658 | Medium | 6.1 | 2021-06-23 | Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php. |
CVE-2020-18657 | Medium | 6.1 | 2021-06-23 | Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function. |
CVE-2021-47870 | Medium | 5.4 | 2026-01-21 | GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htm… |
CVE-2023-51246 | Medium | 5.4 | 2024-01-08 | A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php… |
CVE-2023-46040 | Medium | 5.4 | 2023-10-31 | Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php… |
CVE-2020-21353 | Medium | 5.4 | 2021-08-06 | A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via… |
CVE-2020-20391 | Medium | 5.4 | 2021-06-23 | Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. |
CVE-2021-47860 | Medium | 5.3 | 2026-01-21 | GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side co… |
CVE-2020-20389 | Medium | 4.8 | 2021-06-23 | Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. |
CVE-2021-28977 | Medium | 4.8 | 2021-06-23 | Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla… |
CVE-2023-6188 | Medium | 4.7 | 2023-11-17 | A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edi… |