Product
get simple getsimple cms
59 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-28495
CVE-2026-26351
CVE-2026-27202
CVE-2026-27161
CVE-2026-27147
CVE-2026-27146
CVE-2021-47870
CVE-2021-47860
CVE-2021-47830
CVE-2021-47778
CVE-2013-10032
CVE-2025-48492
CVE-2024-55088
CVE-2024-55086
CVE-2024-55085
CVE-2024-11125
CVE-2023-51246
CVE-2023-6188
CVE-2023-46040
CVE-2023-46042
CVE-2022-41544
CVE-2022-1503
CVE-2021-36601
CVE-2020-21353
CVE-2020-18660
CVE-2020-18659
CVE-2020-18658
CVE-2020-18657
CVE-2020-20391
CVE-2020-20389
CVE-2021-28977
CVE-2021-28976
CVE-2020-18191
CVE-2020-24861
CVE-2020-23839
CVE-2013-1420
CVE-2019-16333
CVE-2019-11231
CVE-2019-9915
CVE-2018-19845
CVE-2018-19421
CVE-2018-19420
CVE-2018-17835
CVE-2018-17103
CVE-2018-16325
CVE-2018-15843
CVE-2018-9173
CVE-2017-10673
CVE-2017-8081
CVE-2014-8723
CVE-2014-8722
CVE-2015-5356
CVE-2015-5355
CVE-2014-8790
CVE-2014-1603
CVE-2013-7243
CVE-2012-6621
CVE-2010-5052
CVE-2010-4863
<= 3.3.22
GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an auth
>= 3.3.16 and < 3.3.22
GetSimpleCMS Community Edition (CE) versions prior to 3.3.22 (3.3.16 tested) contains a stored cross-site scripting (XSS) vulnerab
all versions
GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows
<= 3.3.22
GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitiv
<= 3.3.22
GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authen
<= 3.3.22
GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative
all versions
GetSimple CMS My SMTP Contact Plugin 1.1.2 suffers from a Stored Cross-Site Scripting (XSS) vulnerability. The plugin attempts to
all versions
GetSimple CMS Custom JS 0.1 plugin contains a cross-site request forgery vulnerability that allows unauthenticated attackers to in
all versions
GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malic
all versions
GetSimple CMS My SMTP Contact Plugin 1.1.2 contains a PHP code injection vulnerability. An authenticated administrator can inject
all versions
An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint
>= 3.3.16 and < 3.3.22
GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the
all versions
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module.
all versions
In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address
all versions
GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system
all versions
A vulnerability was found in GetSimpleCMS 3.3.16 and classified as problematic. This issue affects some unknown processing of the
all versions
A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add art
all versions
A vulnerability was found in GetSimpleCMS 3.3.16/3.4.0a. It has been rated as critical. This issue affects some unknown processing
all versions
Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted p
all versions
An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo().
all versions
GetSimple CMS v3.3.16 was discovered to contain a remote code execution (RCE) vulnerability via the edited_file parameter in admin
all versions
A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/e
all versions
GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Web
all versions
A stored cross site scripting (XSS) vulnerability in /admin/snippets.php of GetSimple CMS 3.4.0a allows attackers to execute arbit
<= 3.3.15
GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php via the redirect function to the url parameter.
<= 3.3.15
Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin
<= 3.3.15
Cross Site Scriptiong (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php.
<= 3.3.15
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 in admin/changedata.php via the redirect_url parameter and the
all versions
Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets.
all versions
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php.
<= 3.3.15
Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header info
< 3.3.15
Remote Code Execution vulnerability in GetSimpleCMS before 3.3.16 in admin/upload.php via phar filess.
all versions
GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.
all versions
GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when y
all versions
A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS v3.3.16, in the admin/index.php login portal webpage, allows
< 3.2.1
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.2.1 allow remote attackers to inject arbitrary web s
all versions
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
<= 3.3.15
An issue was discovered in GetSimple CMS through 3.3.15. insufficient input sanitation in the theme-edit.php file allows upload of
all versions
GetSimpleCMS 3.3.13 has an Open Redirect via the admin/index.php redirect parameter.
all versions
There is Stored XSS in GetSimple CMS 3.3.12 via the admin/edit.php "post-menu" parameter, a related issue to CVE-2018-16325.
all versions
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because o
all versions
In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but there are several alternative cases in which HTML can be execute
all versions
An issue was discovered in GetSimple CMS 3.3.15. An administrator can insert stored XSS via the admin/settings.php Custom Permalin
all versions
An issue was discovered in GetSimple CMS v3.3.13. There is a CSRF vulnerability that can change the administrator's password via a
all versions
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field.
all versions
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field.
all versions
Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attack
all versions
admin/profile.php in GetSimple CMS 3.x has XSS in a name field.
all versions
Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to es
all versions
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php
all versions
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml,
<= 3.3.2
Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject
<= 3.3.2
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web s
all versions
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain
all versions
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script o
all versions
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary we
<= 3.2.3
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inje
all versions
Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary
all versions
Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary