Organization Chart
Monthly
Cross-Site Request Forgery in WpDevArt's Organization Chart WordPress plugin (all versions through 1.7.5) enables remote unauthenticated attackers to perform unauthorized state-changing actions against the plugin by tricking an authenticated WordPress user into interacting with a crafted request. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) reflects that while no authentication or elevated complexity is required on the attacker's side, exploitation is gated by mandatory victim interaction, limiting realistic impact to integrity modifications only. No public exploit code exists and no active exploitation has been identified; EPSS score of 0.01% (3rd percentile) and SSVC exploitation status of 'none' collectively indicate low real-world threat at time of analysis.
The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_input’ and 'node_description' parameter in all versions up to, and including, 1.5.0 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Cross-Site Request Forgery in WpDevArt's Organization Chart WordPress plugin (all versions through 1.7.5) enables remote unauthenticated attackers to perform unauthorized state-changing actions against the plugin by tricking an authenticated WordPress user into interacting with a crafted request. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) reflects that while no authentication or elevated complexity is required on the attacker's side, exploitation is gated by mandatory victim interaction, limiting realistic impact to integrity modifications only. No public exploit code exists and no active exploitation has been identified; EPSS score of 0.01% (3rd percentile) and SSVC exploitation status of 'none' collectively indicate low real-world threat at time of analysis.
The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_input’ and 'node_description' parameter in all versions up to, and including, 1.5.0 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.