Skip to main content

Korea Sns

2 CVEs product

Monthly

CVE-2026-39667 MEDIUM This Month

DOM-based cross-site scripting (XSS) in Jongmyoung Kim's Korea SNS WordPress plugin versions up to 1.7.0 allows authenticated high-privilege users to inject malicious scripts into web pages viewed by others. The vulnerability requires user interaction (UI:R) and high-privilege authentication (PR:H), limiting real-world exploitability to scenarios where administrative or editor-level WordPress accounts are compromised or misused. EPSS exploitation probability is minimal at 0.03% (8th percentile), indicating low technical likelihood despite the network-accessible attack vector.

XSS Korea Sns
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2023-47670 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS.6.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Korea Sns
NVD
CVSS 3.1
4.3
EPSS
0.1%
EPSS 0% CVSS 5.9
MEDIUM This Month

DOM-based cross-site scripting (XSS) in Jongmyoung Kim's Korea SNS WordPress plugin versions up to 1.7.0 allows authenticated high-privilege users to inject malicious scripts into web pages viewed by others. The vulnerability requires user interaction (UI:R) and high-privilege authentication (PR:H), limiting real-world exploitability to scenarios where administrative or editor-level WordPress accounts are compromised or misused. EPSS exploitation probability is minimal at 0.03% (8th percentile), indicating low technical likelihood despite the network-accessible attack vector.

XSS Korea Sns
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS.6.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Korea Sns
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy