VYPR

CMS Made Simple

by WordPress

CVEs (2)

  • CVE-2020-37238MedMay 16, 2026
    risk 0.42cvss 6.4epss 0.00

    CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded JavaScript to the file manager, which…

  • CVE-2018-9921MedApr 23, 2018
    risk 0.35cvss 5.3epss 0.01

    In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible to determine the existence of files and directories outside the web-site installation directory, and determine whether a file has contents matching a specified checksum. The attack uses an…