WordPress Plugin Vulnerabilities

Organization chart < 1.4.5 - Multiple CSRF

Description

The plugin does not have CSRF checks in some places, for example when updating/deleting/duplicating popups, tree and themes from the plugin, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks

Affects Plugins

Plugin icon
organization-chart
Fixed in 1.4.5

References

CVE
CVE-2023-24384

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
yuyudhn
Verified
No
WPVDB ID
de5ab0ff-e38b-466a-a70c-c7d369f5c5c7

Timeline

Publicly Published
2023-02-23 (about 3 years ago)
Added
2023-02-23 (about 3 years ago)
Last Updated
2023-02-23 (about 3 years ago)

Other

Published
Title
Published
2024-11-01
Title
FraudLabs Pro SMS Verification < 1.10.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-12-12
Title
WPBookit <= 1.0.7 - Customer Deletion via CSRF
Published
2024-12-02
Title
Namaste! LMS < 2.6.5 - Cross-Site Request Forgery
Published
2021-04-22
Title
Multiple WP-Buy Plugins - Arbitrary Plugin Installation/Activation via CSRF
Published
2023-10-16
Title
Feed Statistics <= 4.1 - Arbitrary Settings Update via CSRF