CVE-2026-39667
Received Received - Intake
DOM-Based XSS in Korea SNS ≀ 1.7.0 Enables Script Injection

Publication date: 2026-04-08

Last updated on: 2026-04-13

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jongmyoung Kim Korea SNS korea-sns allows DOM-Based XSS.This issue affects Korea SNS: from n/a through <= 1.7.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-08
Last Modified
2026-04-13
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-39667
EUVD
EUVD-2026-20341
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
jongmyoung_kim korea_sns to 1.7.0 (inc)
korea_sns korea_sns to 1.7.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-39667 is a Cross Site Scripting (XSS) vulnerability affecting the WordPress Korea SNS Plugin versions up to and including 1.7.0.

This vulnerability allows attackers to inject malicious scriptsβ€”such as redirects, advertisements, or other HTML payloadsβ€”into websites using the plugin. These scripts execute when visitors access the compromised site.

Exploitation requires a privileged user (such as an author or developer) to perform an action like clicking a malicious link, visiting a crafted page, or submitting a form, meaning user interaction is necessary for successful attack execution.

Impact Analysis

The vulnerability can lead to the execution of malicious scripts on your website, which may cause unwanted redirects, display of unauthorized advertisements, or other harmful HTML payloads.

Since the attack requires user interaction by a privileged user, it may be used in mass-exploit campaigns targeting many websites indiscriminately.

Although considered low priority with no impactful threat currently, it still poses a moderate risk (CVSS score of 5.9) and can compromise the integrity and user experience of your site.

Immediate mitigation involves updating the affected plugin if possible or seeking assistance from your hosting provider or web developer.

Detection Guidance

CVE-2026-39667 is a DOM-Based Cross Site Scripting (XSS) vulnerability affecting the WordPress Korea SNS Plugin up to version 1.7.0. Detection typically involves identifying malicious script injections or unusual script executions on web pages using the plugin.

Since exploitation requires user interaction such as clicking a malicious link or submitting a form, monitoring web traffic for suspicious payloads or unexpected script injections can help detect attempts.

No specific detection commands are provided in the available resources.

Mitigation Strategies

Immediate mitigation involves updating the affected Korea SNS plugin to a version beyond 1.7.0 if such an update is available.

If no official patch is available, users are advised to seek assistance from their hosting provider or web developer to implement protective measures.

Additionally, limiting privileged user actions and educating users about the risks of clicking suspicious links or submitting untrusted forms can reduce exploitation risk.

Compliance Impact

The provided information does not specify any direct impact of this Cross Site Scripting (XSS) vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-39667. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart