The plugin does not have CSRF checks in some places, for example when updating, deleting or duplicating popups, tree and themes from the plugin, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks.
CPE | Name | Operator | Version |
---|---|---|---|
organization-chart | lt | 1.4.5 |
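
The kind of check the description says is missing, shown as an added example for a WordPress admin handler; this is not the plugin's own code. The action name `example_item_op`, the `example_` nonce prefix, the `manage_options` capability and the `example-items` page slug are assumptions chosen for illustration.

```php
<?php
// Hypothetical plugin code: action name, nonce prefix, capability and page
// slug are illustrative assumptions, not taken from the affected plugin.

const EXAMPLE_OPS = array( 'update', 'delete', 'duplicate' );

// Build the link or form target for one operation on one item. The nonce is
// bound to the current user, the operation and the item ID, so a token issued
// for "duplicate item 3" is rejected for "delete item 7".
// wp_nonce_url() HTML-escapes its result, so it is meant for output in markup.
function example_item_action_url( string $op, int $item_id ): string {
    $url = add_query_arg(
        array( 'action' => 'example_item_op', 'op' => $op, 'item' => $item_id ),
        admin_url( 'admin-post.php' )
    );
    return wp_nonce_url( $url, "example_{$op}_{$item_id}" );
}

// Handler for admin-post.php?action=example_item_op (logged-in users only).
function example_handle_item_op(): void {
    $op      = isset( $_REQUEST['op'] ) ? sanitize_key( wp_unslash( $_REQUEST['op'] ) ) : '';
    $item_id = isset( $_REQUEST['item'] ) ? absint( $_REQUEST['item'] ) : 0;

    if ( ! in_array( $op, EXAMPLE_OPS, true ) || 0 === $item_id ) {
        wp_die( 'Invalid request.', '', array( 'response' => 400 ) );
    }
    // Authorization: a valid nonce proves intent, not privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // CSRF check: stops the request with a 403 page if the _wpnonce parameter
    // is missing, expired, or was issued for another user, operation or item.
    check_admin_referer( "example_{$op}_{$item_id}" );

    // The state change runs only after both checks. This hook is a stand-in
    // for the real update/delete/duplicate logic.
    do_action( "example_item_{$op}", $item_id );

    wp_safe_redirect( admin_url( 'admin.php?page=example-items' ) );
    exit;
}
add_action( 'admin_post_example_item_op', 'example_handle_item_op' );
```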