PT-2026-3822 · Getsimple Cms+1 · My Smtp Contact Plugin+1

Bobby Cooke · Published 2026-01-21 · Updated 2026-05-12 · CVE-2021-47870

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

GetSimple CMS My SMTP Contact Plugin version 1.1.2

Description

A Stored Cross-Site Scripting (XSS) issue exists where the plugin fails to properly sanitize user input. Although the htmlspecialchars() function is used for sanitization, it can be bypassed by providing dangerous characters as escaped hex bytes. This allows an attacker to inject arbitrary client-side code that executes within the administrator's browser when they visit a malicious page.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-47870

Affected Products

My Smtp Contact Plugin
Getsimple Cms