Cross-Site Request Forgery Vulnerability in WpDevArt Organization Chart Plugin
CVE-2026-24597

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Organization Chart
Vendor: CVE Published:; 25 May 2026

What is CVE-2026-24597?

The Organization Chart plugin developed by WpDevArt is susceptible to a Cross-Site Request Forgery (CSRF) attack. This vulnerability permits an attacker to trick users into executing unwanted actions on the website while they are authenticated. Due to this flaw, unauthorized commands may be sent without user consent, posing a significant risk to data integrity and user safety. It is crucial for users of the affected versions to implement security measures and update to the latest version to mitigate these risks.

Affected Version(s)

Organization chart <= 1.7.5

References

https://patchstack.com/database/wordpress/plugin/organiza...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 25, 2026
Vulnerability Reserved
Jan 23, 2026

Credit

daroo | Patchstack Bug Bounty Program

CVE-2026-24597 Data

JSON

WordPress

What is CVE-2026-24597?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit