Korea Sns
Monthly
DOM-based cross-site scripting (XSS) in Jongmyoung Kim's Korea SNS WordPress plugin versions up to 1.7.0 allows authenticated high-privilege users to inject malicious scripts into web pages viewed by others. The vulnerability requires user interaction (UI:R) and high-privilege authentication (PR:H), limiting real-world exploitability to scenarios where administrative or editor-level WordPress accounts are compromised or misused. EPSS exploitation probability is minimal at 0.03% (8th percentile), indicating low technical likelihood despite the network-accessible attack vector.
Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS.6.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
DOM-based cross-site scripting (XSS) in Jongmyoung Kim's Korea SNS WordPress plugin versions up to 1.7.0 allows authenticated high-privilege users to inject malicious scripts into web pages viewed by others. The vulnerability requires user interaction (UI:R) and high-privilege authentication (PR:H), limiting real-world exploitability to scenarios where administrative or editor-level WordPress accounts are compromised or misused. EPSS exploitation probability is minimal at 0.03% (8th percentile), indicating low technical likelihood despite the network-accessible attack vector.
Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS.6.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.