CVE-2024-7355
Published
CVSS v3: 4.9 (MEDIUM)
CVSS v2: N/A
Affected: 1 project
Description
The Organization chart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_input' and 'node_description' parameters in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure charts can be extended to subscribers.
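The two controls the description says were insufficient, sanitizing on input and escaping on output, look like this in practice. This is an added example, not the plugin's code: the save and render functions are hypothetical, only the parameter names title_input and node_description come from the advisory, and plain PHP built-ins stand in for the WordPress helpers sanitize_text_field() and esc_html() so the script runs on its own.

```php
<?php
declare(strict_types=1);

// Hypothetical save handler: keeps the two advisory-named fields as plain text.
// In a WordPress plugin, sanitize_text_field() would do this job.
function save_node(array $request): array
{
    $clean = [];
    foreach (['title_input', 'node_description'] as $field) {
        $value = $request[$field] ?? '';
        if (!is_string($value)) {
            $value = '';                      // reject arrays and other types
        }
        $value = strip_tags($value);          // drop markup before storage
        $value = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value) ?? '';
        $clean[$field] = trim($value);
    }
    return $clean;
}

// Output escaping: applied at render time no matter what storage holds.
// In WordPress, esc_html() is the equivalent.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical renderer for one chart node.
function render_node(array $node): string
{
    return '<div class="node"><h4>' . e($node['title_input']) . '</h4>'
         . '<p>' . e($node['node_description']) . '</p></div>';
}

// Constructed sample input: markup-bearing values in the two fields.
$request = [
    'title_input'      => 'CEO<script>alert(1)</script>',
    'node_description' => '<img src=x onerror=alert(1)> "R&D" lead',
];

$stored = save_node($request);
echo render_node($stored), PHP_EOL;

// Defense in depth: a row stored before sanitization existed still renders inert.
$legacy = ['title_input' => '<b onmouseover=alert(1)>CFO</b>', 'node_description' => ''];
echo render_node($legacy), PHP_EOL;
```

Escaping at render time is the control that protects against rows already stored by a vulnerable version; input sanitization alone does not clean existing data.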
<p>The WordPress Organization Chart plugin is a nice, handy tool for creating simple organizational charts. If you have any suggestions about the functionality, just let us know.</p>
<h3>You can check the demo of the plugin here:</h3>
<ul>
<li><a href="https://demo.wpdevart.com/organization-chart" rel="nofollow ugc">Demo Page</a></li>
</ul>
<h3>Features of Free version</h3>
<ul>
<li><strong>User-friendly interface</strong></li>
<li><strong>Works great with all current WordPress versions</strong></li>
<li><strong>Responsive (mobile-friendly) design</strong></li>
<li><strong>Gutenberg-ready plugin</strong></li>
<li><strong>Ability to add unlimited themes and elements</strong></li>
<li><strong>Ability to add image for each element</strong></li>
<li><strong>Ability to duplicate the organizational charts or themes</strong></li>
<li><strong>Ability to add horizontal scrolling instead of mobile view</strong></li>
<li><strong>Ability to select theme for each element</strong></li>
<li><strong>Ability to change the organizational chart background color and border radius</strong></li>
<li><strong>Ability to enable Popup functionality</strong></li>
<li><strong>Ability to configure Popup styles</strong></li>
<li><strong>Ability to set User Permissions</strong></li>
</ul>
<p>Also, our plugin has a premium version, so you can upgrade the free version and get more functionality – <a href="https://wpdevart.com/wordpress-organization-chart-plugin/" rel="nofollow ugc">WordPress Organization Chart Premium</a></p>
<h3>Features of the Premium version</h3>
<ul>
<li><strong>Built-in themes for the elements</strong></li>
<li><strong>Customizable elements</strong></li>
<li><strong>Ability to change the title and description font family</strong></li>
<li><strong>Ability to change the element border styles</strong></li>
<li><strong>Ability to change the element background color (gradient)</strong></li>
<li><strong>Full Screen functionality</strong></li>
<li><strong>Drag and Zoom functionality</strong></li>
<li><strong>Ability to set a responsive view after the element</strong></li>
</ul>
<p><strong>If you have any questions, issues or suggestions concerning our plugin, you can contact us at the <a href="https://wordpress.org/support/plugin/organization-chart" rel="ugc">SUPPORT FORUM</a>.</strong></p>
<p>Below is the list of WordPress Organization Chart plugin options. If you click on the element edit button, you will see a popup window with the following settings.</p>
<p><strong>Element Settings</strong></p>
<p><strong>Information tab</strong></p>
<ul>
<li>Type the URL – Type the element image URL or upload it using the “Upload” button.</li>
<li>Type the title – Type the element title in this field.</li>
<li>Type the description – Type the element description in this field.</li>
</ul>
<p><strong>Styling</strong></p>
<ul>
<li>Select the theme – You can select the element theme using this option.</li>
</ul>
<p><strong>Theme Settings</strong></p>
<p><strong>General Settings</strong></p>
<ul>
<li>Responsive (Add a horizontal scroll, Mobile view) – This option lets you select how to display the organization chart if it is bigger than the container.</li>
<li>Background Color – Choose the container background color.</li>
<li>Border Radius – Type the container border radius.</li>
<li>Padding – Type the global padding values.</li>
</ul>
<p><strong>Line style</strong></p>
<ul>
<li>Set the line color – This option lets you set the global line (border) color.</li>
<li>Line Height – This option lets you set the global line (border) height.</li>
</ul>
<p><strong>Item style</strong></p>
<ul>
<li>Background Color – Select the element background color.</li>
<li>Minimum Width – Type the element minimum width.</li>
<li>Minimum Height – Type the element minimum height.</li>
<li>Image width – Type the element image width.</li>
<li>Image height – Type the element image height.</li>
<li>Image Border Radius – Type the image border radius.</li>
<li>Image Margin – Type the image margin option values.</li>
<li>Title font – Configure the title font style by clicking on the pencil icon (available options are: Font Family, Color, Font Size, Line Height, Letter Spacing, Font Weight, Font Style).</li>
<li>Title Margin – Type the title margin option values.</li>
<li>Description font – Configure the description font style by clicking on the pencil icon (available options are: Font Family, Color, Font Size, Line Height, Letter Spacing, Font Weight, Font Style).</li>
<li>Description margin – Type the description margin option values.</li>
<li>Item Border – Configure the element border style by clicking on the pencil icon (available options are: Item Border Type, Item Border Color, Border Width, Border Radius).</li>
</ul>