Recently I was pointed to an issue regarding server side image manipulation of GIF images with GD. The PHP manual cautions:
This is easily overlooked and can lead to DoS vulnerabilities if the image is postprocessed by certain GD functions (such as imagecopyresampled()).When reading GIF files into memory, only the first frame is returned in the image resource pointer. The size of the image is not necessarily what is reported by getimagesize().
I am not aware of any actively maintained CMSimple_XH plugin which manipulates GIF images which have been supplied by unauthenticated users, but Bookstore_XH 1.2 might be affected.