Oneclick CMS
by Oneclick CMS
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-14270 | Low | 0.18 | 2.7 | 0.00 | Feb 19, 2026 | The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the wa_order_number_save_number_field function. This… | ||
| CVE-2008-3026 | 0.03 | — | 0.01 | Jul 7, 2008 | SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2007-2347 | 0.03 | — | 0.03 | Apr 27, 2007 | PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. |
- risk 0.18cvss 2.7epss 0.00
The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the wa_order_number_save_number_field function. This…
- CVE-2008-3026Jul 7, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2007-2347Apr 27, 2007risk 0.03cvss —epss 0.03
PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.