VYPR

Oneclick Whatsapp Order

by WordPress

Source repositories

CVEs (2)

  • CVE-2025-13526HigNov 22, 2025
    risk 0.42cvss 7.5epss 0.00

    The OneClick Chat to Order plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.0.8 via the 'wa_order_thank_you_override' function due to missing validation on a user controlled key. This makes it possible for…

  • CVE-2024-29789MedMar 27, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS.This issue affects OneClick Chat to Order: from n/a through 1.0.5.