Vulnerabilities and security researches fororganization-chart organization-chart

Jun 06, 2024

CVE, Research URL: CVE-2023-24384
Home page URL: Security reports for Organization chart
Application: Organization chart
Date: Feb 23, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions.
Affected versions: max 1.4.5.
Status: vulnerable

CVE, Research URL: e18b0310c8b9c247bc11cefe1189f9b49bcc1a78
Home page URL: Security reports for Organization chart
Application: Organization chart
Date: Nov 23, 2022
Research Description: Organization chart [organization-chart] < 1.4.2 WordPress Organization chart plugin <= 1.4.1 - Broken Access Control vulnerability Broken Access Control vulnerability discovered by Lana Codes (Patchstack Alliance) in the WordPress Organization chart plugin (versions <= 1.4.1). Update the WordPress Organization chart plugin to the latest available version (at least 1.4.2).
Affected versions: max 1.4.2.
Status: vulnerable

CVE, Research URL: CVE-2023-24387
Home page URL: Security reports for Organization chart
Application: Organization chart
Date: Apr 06, 2023
Research Description: Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPdevart Organization chart plugin <= 1.4.4 versions.
Affected versions: max 1.4.5.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2022-45844
Home page URL: Security reports for Organization chart
Application: Organization chart
Date: -
Research Description: The Organization chart plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the post_page_content function in versions up to, and including, 1.4.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function.
Affected versions: max 1.4.1.
Status: vulnerable

Aug 08, 2024

CVE, Research URL: CVE-2024-7355
Home page URL: Security reports for Organization chart
Application: Organization chart
Date: Aug 07, 2024
Research Description: The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_input’ and 'node_description' parameter in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure charts can be extended to subscribers.
Affected versions: max 1.5.1.
Status: vulnerable

May 27, 2026

CVE, Research URL: CVE-2026-24597
Home page URL: Security reports for Organization chart
Application: Organization chart
Date: May 26, 2026
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart allows Cross Site Request Forgery. This issue affects Organization chart: from n/a through 1.7.5.
Affected versions: max 1.7.6.
Status: vulnerable