Organization chart Security & Risk Analysis

wordpress.org/plugins/organization-chart

WordPress organization chart plugin is a nice and handy tool for creating simple and nice organizational charts. If you have any suggestions about the …

5K active installs · v1.7.6 · PHP + · WP 3.4.0+ · Updated Feb 12, 2026
Tags: employee-list, org-chart, organization-chart, organizational-chart, staff-directory
96
A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Aug 7, 2024
Safety Verdict

Is Organization chart Safe to Use in 2026?

Generally Safe

Score 96/100

Organization chart has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

5 known CVEs · Last CVE: Aug 7, 2024 · Updated 3mo ago
Risk Assessment

The organization-chart plugin v1.7.6 presents a mixed security posture. It demonstrates good practices: a high percentage of properly escaped output, a significant number of prepared SQL statements, and no file operations or external HTTP requests. There are, however, several areas of concern. The presence of an unprotected AJAX handler significantly expands the attack surface and is a direct entry point for unauthenticated malicious input. Taint analysis, though limited, did reveal flows with unsanitized paths, which, combined with the unprotected AJAX handler, could potentially result in an exploitable vulnerability.

The plugin's history of 5 CVEs (one high-severity and four medium-severity), particularly those related to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Missing Authorization, indicates a pattern of past security weaknesses. Although there are no currently unpatched vulnerabilities, this history warrants vigilance. The overall risk is moderate, leaning towards concerning due to the unprotected AJAX endpoint and past vulnerability trends.

Key Concerns

  • Unprotected AJAX handler
  • Flows with unsanitized paths
  • Past high-severity vulnerability
  • Multiple past medium-severity vulnerabilities
Vulnerabilities
5 published

Organization chart Security Vulnerabilities

CVEs by Year

  • 2022: 2 CVEs
  • 2023: 2 CVEs
  • 2024: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 4

5 total CVEs

CVE-2024-7355 · medium · 4.9 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Organization chart <= 1.5.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via title_input and node_description Parameters

Aug 7, 2024 · Patched in 1.5.1 (1d)

CVE-2023-24387 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Organization chart <= 1.4.4 - Authenticated (Admin+) Stored Cross-Site Scripting

Jan 27, 2023 · Patched in 1.4.5 (361d)

CVE-2023-24384 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Organization chart <= 1.4.4 - Cross-Site Request Forgery

Jan 27, 2023 · Patched in 1.4.5 (361d)

WF-1647ac13-d9d1-46ae-93e7-855f55160e03-organization-chart · high · 8.8 · Cross-Site Request Forgery (CSRF)

Organization chart <= 1.4.1 - Cross-Site Request Forgery

Nov 26, 2022 · Patched in 1.4.2 (423d)

CVE-2022-45844 · medium · 4.3 · Missing Authorization

Organization chart <= 1.4.1 - Missing Authorization

Nov 26, 2022 · Patched in 1.4.2 (423d)

Version History

Organization chart Release Timeline

v1.7.6 (Current)
v1.7.5
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.6.1
v1.6.0
v1.5.9
v1.5.8
v1.5.7
v1.5.6
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0 · 1 CVE
v1.4.9 · 1 CVE

Code Analysis
Analyzed Mar 16, 2026

Organization chart Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 25 (27 prepared)
  • Unescaped Output: 13 (304 escaped)
  • Nonce Checks: 1
  • Capability Checks: 4
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

52% prepared · 52 total queries

Output Escaping

96% escaped · 317 total outputs

Data Flows · Security
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
post_page_content (admin\admin.php:152)
Attack Surface
1 unprotected

Organization chart Attack Surface

Entry Points: 2
Unprotected: 1

AJAX Handlers: 1

auth · wp_ajax_wpda_org_chart_post_page_content · admin\admin.php:28

Shortcodes: 1

[wpda_org_chart] · front\front.php:14

WordPress Hooks: 10

action · admin_menu · admin\admin.php:23
filter · mce_external_plugins · admin\admin.php:25
filter · mce_buttons · admin\admin.php:26
action · admin_enqueue_scripts · admin\admin.php:27
action · enqueue_block_editor_assets · admin\gutenberg\gutenberg.php:15
filter · wp_head · front\front.php:12
filter · wp_footer · front\front.php:13
filter · posts_fields · library\wpdevart_admin_library.php:647
filter · pages_fields · library\wpdevart_admin_library.php:648
action · init · wpdevart_chart.php:41

Maintenance & Trust

Organization chart Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 12, 2026
PHP min version
Downloads: 113K

Community Trust

Rating: 100/100
Number of ratings: 13
Active installs: 5K

Developer Profile

Organization chart Developer Profile

wpdevart

45 plugins · 52K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 581 days
Detection Fingerprints

How We Detect Organization chart

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/organization-chart/admin/gutenberg/style.css
/wp-content/plugins/organization-chart/admin/gutenberg/block.js
/wp-content/plugins/organization-chart/admin/assets/js/alpha-color-picker.js
Script Paths
/wp-content/plugins/organization-chart/admin/gutenberg/block.js
Version Parameters
organization-chart/admin/gutenberg/style.css?ver=
organization-chart/admin/gutenberg/block.js?ver=
organization-chart/admin/assets/js/alpha-color-picker.js?ver=

HTML / DOM Fingerprints

CSS Classes
wpda_org_chart_tree_page
wpda_org_chart_tree_themes
wpda_org_chart_tree_popup_themes
wpda_org_chart_tree_user_permissions
wpda_org_chart_featured_plugins
wpda_org_chart_featured_themes
wpda_org_chart_hire_expert
Data Attributes
wpda_org_chart_user_permissions::get_allowed_page_permission('chart_page')
wpda_org_chart_user_permissions::get_allowed_page_permission('chart_theme_page')
wpda_org_chart_user_permissions::get_allowed_page_permission('chart_popup_page')
JS Globals
wpda_org_chart_plugin_url