VYPR

Oneclick CMS

by Oneclick CMS

CVEs (3)

  • CVE-2025-14270LowFeb 19, 2026
    risk 0.18cvss 2.7epss 0.00

    The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the wa_order_number_save_number_field function. This…

  • CVE-2008-3026Jul 7, 2008
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2007-2347Apr 27, 2007
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.