Get-simple Getsimplecms

21 CVEs affecting Get-simple Getsimplecms. Latest disclosed: 2026-01-21. Critical: 2, High: 3.

Top CVEs affecting Get-simple Getsimplecms
CVESeverityScorePublishedSummary
CVE-2023-46042Critical9.82023-10-19An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().
CVE-2020-18191Critical9.12020-10-02GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php
CVE-2013-10032High8.82025-07-25An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to…
CVE-2021-47778High7.22026-01-21GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject arbitrary PHP code through pl…
CVE-2021-28976High7.22021-06-23Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.
CVE-2021-47830Medium6.52026-01-21GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visit…
CVE-2021-36601Medium6.12021-08-10GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter.
CVE-2020-18660Medium6.12021-06-23GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.
CVE-2020-18659Medium6.12021-06-23Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php
CVE-2020-18658Medium6.12021-06-23Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.
CVE-2020-18657Medium6.12021-06-23Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the headers_sent function.
CVE-2021-47870Medium5.42026-01-21GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to sanitize user input using htm…
CVE-2023-51246Medium5.42024-01-08A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php…
CVE-2023-46040Medium5.42023-10-31Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php…
CVE-2020-21353Medium5.42021-08-06A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbitrary web scripts or HTML via…
CVE-2020-20391Medium5.42021-06-23Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.
CVE-2021-47860Medium5.32026-01-21GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to inject arbitrary client-side co…
CVE-2020-20389Medium4.82021-06-23Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php.
CVE-2021-28977Medium4.82021-06-23Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla…
CVE-2023-6188Medium4.72023-11-17A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing of the file /admin/theme-edi…