Getsimple-ce Getsimple Cms — known CVE vulnerabilities
Every CVE whose affected-product data names Getsimple-ce Getsimple Cms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2024-55085 — CVSS 9.8 (critical): GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which…
CVE-2026-28495 — CVSS 9.6 (critical): GetSimple CMS is a content management system. The massiveAdmin plugin (v6.0.3) bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated…
CVE-2025-48492 — CVSS 8.8 (high): GetSimple CMS is a content management system. In versions starting from 3.3.16 to 3.3.21, an authenticated user with access to the Edit…
CVE-2024-55088 — CVSS 8.8 (high): GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module.
CVE-2026-27161 — CVSS 7.5 (high): GetSimple CMS is a content management system. All versions of GetSimple CMS rely on .htaccess files to restrict access to sensitive…
CVE-2026-27202 — CVSS 7.5 (high): GetSimple CMS is a content management system. All versions of GetSimple CMS have a flaw in the Uploaded Files feature that allows for…
CVE-2024-55086 — CVSS 7.2 (high): In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the…
CVE-2026-27147 — CVSS 5.4 (medium): GetSimple CMS is a content management system. All versions of GetSimple CMS are vulnerable to XSS through SVG file uploads. Authenticated…
CVE-2026-26351 — CVSS 4.8 (medium): GetSimpleCMS Community Edition (CE) versions prior to 3.3.22 (3.3.16 tested) contains a stored cross-site scripting (XSS) vulnerability in…
CVE-2026-27146 — CVSS 4.5 (medium): GetSimple CMS is a content management system. All versions of GetSimple CMS do not implement CSRF protection on the administrative file…