Skip to main content

Organization Chart

4 CVEs product

Monthly

CVE-2026-24597 MEDIUM This Month

Cross-Site Request Forgery in WpDevArt's Organization Chart WordPress plugin (all versions through 1.7.5) enables remote unauthenticated attackers to perform unauthorized state-changing actions against the plugin by tricking an authenticated WordPress user into interacting with a crafted request. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) reflects that while no authentication or elevated complexity is required on the attacker's side, exploitation is gated by mandatory victim interaction, limiting realistic impact to integrity modifications only. No public exploit code exists and no active exploitation has been identified; EPSS score of 0.01% (3rd percentile) and SSVC exploitation status of 'none' collectively indicate low real-world threat at time of analysis.

CSRF Organization Chart
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-7355 MEDIUM PATCH This Month

The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_input’ and 'node_description' parameter in all versions up to, and including, 1.5.0 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Organization Chart
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-24387 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Organization Chart
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24384 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Organization Chart
NVD
CVSS 3.1
8.8
EPSS
0.3%
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site Request Forgery in WpDevArt's Organization Chart WordPress plugin (all versions through 1.7.5) enables remote unauthenticated attackers to perform unauthorized state-changing actions against the plugin by tricking an authenticated WordPress user into interacting with a crafted request. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) reflects that while no authentication or elevated complexity is required on the attacker's side, exploitation is gated by mandatory victim interaction, limiting realistic impact to integrity modifications only. No public exploit code exists and no active exploitation has been identified; EPSS score of 0.01% (3rd percentile) and SSVC exploitation status of 'none' collectively indicate low real-world threat at time of analysis.

CSRF Organization Chart
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title_input’ and 'node_description' parameter in all versions up to, and including, 1.5.0 due to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Organization Chart
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Organization Chart
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Organization Chart
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy