Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS. This issue affects Korea SNS: from n/a through <= 1.7.0.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: DOM‑Based Cross‑Site Scripting (XSS) that can execute arbitrary JavaScript in a visitor’s browser
Action: Patch
AI Analysis

Impact

The Korea SNS plugin improperly neutralizes user input during web page generation, allowing attackers to inject malicious scripts that execute in the context of a legitimate user’s browser. This DOM‑based cross‑site scripting can enable credential theft, defacement, or the execution of further attacks via the compromised session. Users who visit affected pages may unknowingly expose themselves to these risks.

Affected Systems

The vulnerability affects the WordPress Korea SNS plugin developed by Jongmyoung Kim. All installations running version 1.7.0 or earlier are impacted; newer releases are not listed as affected.

Risk and Exploitability

Because the exploitation path is client‑side and does not require elevated credentials, any visitor can trigger the malicious code by loading a crafted page. While no CVSS or EPSS scores are provided, the nature of XSS grants attackers the ability to subvert user sessions and deface content, representing a moderate to high risk. The vulnerability is not currently listed in the CISA KEV catalog, but the lack of available exploit probability data means the threat cannot be ruled out.

Generated by OpenCVE AI on April 8, 2026 at 10:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Korea SNS plugin to a version newer than 1.7.0, if available.
  • If an update is not possible, disable the plugin or replace it with a verified alternative until a patch is released.
  • Scour the site for any injected JavaScript and remove it manually.
  • Configure web application firewall rules to block suspicious script injections in URLs or form inputs.
  • Monitor access logs for anomalous activity that may indicate exploitation attempts.



Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Jongmyoung Kim; Jongmyoung Kim korea Sns; Wordpress; Wordpress wordpress
Vendors & Products | | Jongmyoung Kim; Jongmyoung Kim korea Sns; Wordpress; Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type | Values Removed | Values Added
Description | | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS. This issue affects Korea SNS: from n/a through <= 1.7.0.
Title | | WordPress Korea SNS plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability
Weaknesses | | CWE-79
References | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:38.379Z

Reserved: 2026-04-07T10:57:59.671Z

Link: CVE-2026-39667

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-08T09:16:38.037

Modified: 2026-04-08T21:26:35.910

Link: CVE-2026-39667

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:41:09Z

Weaknesses