Korea SNS Security & Risk Analysis
wordpress.org/plugins/korea-snsPuts Korea social share buttons in post and page. support kakaotalk, naver (line, band, cafe), facebook, twitter, telegram
Is Korea SNS Safe to Use in 2026?
Use With Caution
Score 61/100Korea SNS has 1 unpatched vulnerability. Evaluate alternatives or apply available mitigations.
The korea-sns plugin v1.7.0 exhibits a generally good security posture, with a low attack surface and a strong adherence to best practices regarding SQL queries and nonce checks. The static analysis shows no critical or high-severity taint flows and a robust use of prepared statements for SQL. However, a significant concern lies in the output escaping, where a large majority of outputs are not properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities. Furthermore, the plugin has a history of known vulnerabilities, specifically a medium-severity Cross-Site Request Forgery (CSRF) in its past. While currently unpatched vulnerabilities are zero, this history suggests a pattern that, when combined with the output escaping issues, warrants careful consideration.
In conclusion, while the plugin demonstrates strengths in areas like SQL security and input validation (via nonces and capabilities), the prevalent lack of proper output escaping presents a clear and present danger for XSS attacks. The past CSRF vulnerability, though resolved, also highlights the need for vigilance. Users should be aware that despite the current lack of critical issues in static analysis, the unescaped output is a significant weakness that could be exploited. The plugin's overall security is thus weakened by this oversight, despite otherwise positive indicators.
Key Concerns
- Poor output escaping
- Past medium severity CVEs
Korea SNS Security Vulnerabilities
CVEs by Year
Severity Breakdown
2 total CVEs
Korea SNS <= 1.7.0 - Authenticated (Author+) Stored Cross-Site Scripting
Korea SNS <= 1.6.4 - Cross-Site Request Forgery via kon_tergos_options
Korea SNS Release Timeline
Korea SNS Code Analysis
Output Escaping
Korea SNS Attack Surface
Shortcodes 1
WordPress Hooks 6
Maintenance & Trust
Korea SNS Maintenance & Trust
Maintenance Signals
Community Trust
Korea SNS Alternatives
Kakao Talk Link
kakao-talk-link
Puts Kakao Talk Link Button of below your posts.
SchedulePress – Auto Post & Publish, Auto Social Share, Schedule Posts with Editorial Calendar & Missed Schedule Post Publisher
wp-scheduled-posts
Automate your WordPress content scheduling with a visual calendar, auto/manual schedulers, missed‑post handler, social sharing options & templates.
Booster Extension
booster-extension
Booster Extension is a free WordPress plugin that supercharges your site with awesome powerful features. There’re numerous plugins in the official Wor …
Bit Social – Social Media Auto Poster and Scheduler
bit-social
Schedule WordPress posts to social media and auto share content across Facebook, Twitter (X), Instagram, Pinterest, TikTok, and LinkedIn.
Sociality
sociality
Social features for the theme authors.
Korea SNS Developer Profile
3 plugins · 4K total installs
How We Detect Korea SNS
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/korea-sns/korea_sns.css/wp-content/plugins/korea-sns/korea_sns.jshttps://developers.kakao.com/sdk/js/kakao.min.js/wp-content/plugins/korea-sns/korea_sns.jskorea_sns.css?ver=korea_sns.js?ver=HTML / DOM Fingerprints
korea-snskorea-sns-buttonkorea-sns-facebookkorea-sns-twitterkorea-sns-telegramkorea-sns-naverlinekorea-sns-naverbandkorea-sns-naverblog+8 moreOnClickSendSNS<div class="korea-sns-shortcode">