Hello24 – Order on Chat, Abandoned cart recovery & Marketing Automation Security & Risk Analysis

wordpress.org/plugins/hello24-order-on-chat-abandoned-cart-recovery-marketing-automation

Gain 5X more revenue by Abandoned cart recovery, Add Chat Button, Marketing automation, Resell/Upsell/Cross-sell using Whatsapp API

10 active installs · v1.6.9 · PHP 5.6+ · WP 4.4+ · Updated Jun 14, 2025
abandoned-cart, click-to-chat, whatsapp-api, whatsapp-button, woocommerce-order-on-whatsapp
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Hello24 – Order on Chat, Abandoned cart recovery & Marketing Automation Safe to Use in 2026?

Generally Safe

Score 100/100

Hello24 – Order on Chat, Abandoned cart recovery & Marketing Automation has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 11mo ago
Risk Assessment

The "hello24-order-on-chat-abandoned-cart-recovery-marketing-automation" plugin version 1.6.9 presents a mixed security posture. While a significant majority of SQL queries are protected by prepared statements and all output is properly escaped, several critical areas raise concerns. The presence of 8 AJAX handlers without authentication checks and one REST API route lacking permission callbacks represents a substantial attack surface that could be exploited by unauthenticated users.

Furthermore, the static analysis identified the use of the `unserialize` function, which is a known source of vulnerabilities when dealing with untrusted input. Although taint analysis did not reveal critical or high severity unsanitized flows, the potential for serialized data exploitation remains a significant risk. The plugin's vulnerability history is clean, indicating a lack of publicly known exploits or past issues, which is positive. However, this does not mitigate the risks identified in the current code analysis.

In conclusion, while the plugin demonstrates good practices in areas like output escaping and prepared statements, the substantial number of unprotected entry points (AJAX and REST API) and the presence of `unserialize` create a notable risk profile. The absence of historical vulnerabilities is encouraging, but proactive mitigation of the identified code weaknesses is essential to ensure the plugin's security.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Dangerous function unserialize used
  • No Nonce checks on AJAX
  • Limited capability checks
Vulnerabilities
None known

Hello24 – Order on Chat, Abandoned cart recovery & Marketing Automation Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Hello24 – Order on Chat, Abandoned cart recovery & Marketing Automation Release Timeline

v1.6.7
v1.6.6
v1.6.5
v1.6.4
v1.6.3
v1.6.2
v1.6.1
v1.6.0
v1.5.9
v1.5.8
v1.5.7
v1.5.6
v1.5.5
v1.5.4
v1.5.3
v1.5.2
v1.5.1
v1.5.0
v1.4.1
v1.4.0
Code Analysis
Analyzed Apr 16, 2026

Hello24 – Order on Chat, Abandoned cart recovery & Marketing Automation Code Analysis

Dangerous Functions: 6
Raw SQL Queries: 1 (30 prepared)
Unescaped Output: 0 (131 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 0
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

unserialize: `$cart_content = unserialize($result->cart_contents);` (modules/cart-abandonment/class-h24-cart-abandonment.php:931)
unserialize: `$other_fields = unserialize($result->other_fields);` (modules/cart-abandonment/class-h24-cart-abandonment.php:963)
unserialize: `$cart_contents = unserialize($cart->cart_contents);` (modules/cart-abandonment/class-h24-cart-abandonment.php:1399)
unserialize: `'other_fields' => unserialize($cart->other_fields),` (modules/cart-abandonment/class-h24-cart-abandonment.php:1448)
unserialize: `'coupon_codes' => unserialize($cart->coupon_codes),` (modules/cart-abandonment/class-h24-cart-abandonment.php:1451)
unserialize: `'shipping_methods' => unserialize($cart->shipping_methods),` (modules/cart-abandonment/class-h24-cart-abandonment.php:1452)

SQL Query Safety

97% prepared · 31 total queries

Output Escaping

100% escaped · 131 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
h24_activate_integration_service (modules/cart-abandonment/class-h24-cart-abandonment.php:1205)
Attack Surface
9 unprotected

Hello24 – Order on Chat, Abandoned cart recovery & Marketing Automation Attack Surface

Entry Points: 40
Unprotected: 9

AJAX Handlers 8

auth: wp_ajax_save_cart_abandonment_data (modules/cart-abandonment/class-h24-cart-abandonment.php:48)
nopriv: wp_ajax_save_cart_abandonment_data (modules/cart-abandonment/class-h24-cart-abandonment.php:49)
auth: wp_ajax_h24_activate_integration_service (modules/cart-abandonment/class-h24-cart-abandonment.php:51)
nopriv: wp_ajax_h24_activate_integration_service (modules/cart-abandonment/class-h24-cart-abandonment.php:52)
auth: wp_ajax_h24_save_chat_button (modules/cart-abandonment/class-h24-cart-abandonment.php:54)
nopriv: wp_ajax_h24_save_chat_button (modules/cart-abandonment/class-h24-cart-abandonment.php:55)
auth: wp_ajax_h24_open_hello24_dashboard (modules/cart-abandonment/class-h24-cart-abandonment.php:57)
auth: wp_ajax_h24_open_hello24_dashboard (modules/cart-abandonment/class-h24-cart-abandonment.php:58)

REST API Routes 32

POST /wp-json/api/v1/getWoocommerceInfo (modules/cart-abandonment/class-h24-cart-abandonment.php:63)
POST /wp-json/api/v1/getOrderUrl (modules/cart-abandonment/class-h24-cart-abandonment.php:75)
POST /wp-json/api/v1/getAbandonedCarts (modules/cart-abandonment/class-h24-cart-abandonment.php:87)
POST /wp-json/api/v1/listProducts (modules/cart-abandonment/class-h24-cart-abandonment.php:99)
POST /wp-json/api/v1/searchProducts (modules/cart-abandonment/class-h24-cart-abandonment.php:111)
POST /wp-json/api/v1/getCategoryByID (modules/cart-abandonment/class-h24-cart-abandonment.php:123)
POST /wp-json/api/v1/listCategories (modules/cart-abandonment/class-h24-cart-abandonment.php:135)
POST /wp-json/api/v1/listOrders (modules/cart-abandonment/class-h24-cart-abandonment.php:147)
POST /wp-json/api/v1/getOrdersByPhone (modules/cart-abandonment/class-h24-cart-abandonment.php:159)
POST /wp-json/api/v1/getOrderByID (modules/cart-abandonment/class-h24-cart-abandonment.php:171)
POST /wp-json/api/v1/updateOrderStatus (modules/cart-abandonment/class-h24-cart-abandonment.php:183)
POST /wp-json/api/v1/addOrderNote (modules/cart-abandonment/class-h24-cart-abandonment.php:195)
POST /wp-json/api/v1/refundOrder (modules/cart-abandonment/class-h24-cart-abandonment.php:207)
POST /wp-json/api/v1/addDiscountToOrder (modules/cart-abandonment/class-h24-cart-abandonment.php:219)
POST /wp-json/api/v1/markOrderAsPaid (modules/cart-abandonment/class-h24-cart-abandonment.php:231)
POST /wp-json/api/v1/createOrderFromCart (modules/cart-abandonment/class-h24-cart-abandonment.php:243)
POST /wp-json/api/v1/createOrder (modules/cart-abandonment/class-h24-cart-abandonment.php:256)
POST /wp-json/api/v1/updateOrder (modules/cart-abandonment/class-h24-cart-abandonment.php:268)
POST /wp-json/api/v1/setWebhook (modules/cart-abandonment/class-h24-cart-abandonment.php:280)
POST /wp-json/api/v1/deleteWebhook (modules/cart-abandonment/class-h24-cart-abandonment.php:292)
POST /wp-json/api/v1/deleteWebhooks (modules/cart-abandonment/class-h24-cart-abandonment.php:304)
POST /wp-json/api/v1/updateSettings (modules/cart-abandonment/class-h24-cart-abandonment.php:316)
POST /wp-json/api/v1/executeQuery (modules/cart-abandonment/class-h24-cart-abandonment.php:328)
POST /wp-json/api/v1/listTables (modules/cart-abandonment/class-h24-cart-abandonment.php:340)
POST /wp-json/api/v1/getTableResults (modules/cart-abandonment/class-h24-cart-abandonment.php:352)
POST /wp-json/api/v1/listCustomers (modules/cart-abandonment/class-h24-cart-abandonment.php:364)
POST /wp-json/api/v1/listCustomersForQuery (modules/cart-abandonment/class-h24-cart-abandonment.php:376)
POST /wp-json/api/v1/listCustomersForProduct (modules/cart-abandonment/class-h24-cart-abandonment.php:388)
POST /wp-json/api/v1/setPasswordForUser (modules/cart-abandonment/class-h24-cart-abandonment.php:400)
POST /wp-json/api/v1/getUserData (modules/cart-abandonment/class-h24-cart-abandonment.php:412)
POST /wp-json/api/v1/getPluginVersion (modules/cart-abandonment/class-h24-cart-abandonment.php:424)
POST /wp-json/api/v1/listTicketsForOrder (modules/cart-abandonment/class-h24-cart-abandonment.php:435)
WordPress Hooks 45
action: plugins_loaded (classes/class-h24-loader.php:68)
action: admin_notices (classes/class-h24-loader.php:100)
action: admin_init (classes/class-h24-settings.php:26)
action: admin_menu (modules/cart-abandonment/class-h24-cart-abandonment.php:43)
action: admin_enqueue_scripts (modules/cart-abandonment/class-h24-cart-abandonment.php:44)
action: woocommerce_after_checkout_form (modules/cart-abandonment/class-h24-cart-abandonment.php:45)
action: wp_footer (modules/cart-abandonment/class-h24-cart-abandonment.php:60)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:62)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:74)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:86)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:98)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:110)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:122)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:134)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:146)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:158)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:170)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:182)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:194)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:206)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:218)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:230)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:242)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:255)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:267)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:279)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:291)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:303)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:315)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:327)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:339)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:351)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:363)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:375)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:387)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:399)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:411)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:423)
action: rest_api_init (modules/cart-abandonment/class-h24-cart-abandonment.php:434)
filter: jwt_auth_whitelist (modules/cart-abandonment/class-h24-cart-abandonment.php:446)
filter: wp (modules/cart-abandonment/class-h24-cart-abandonment.php:483)
action: woocommerce_order_status_changed (modules/cart-abandonment/class-h24-cart-abandonment.php:484)
action: user_register (modules/cart-abandonment/class-h24-cart-abandonment.php:486)
action: init (modules/cart-link/cart-link.php:21)
action: wp_loaded (modules/cart-link/cart-link.php:46)
Maintenance & Trust

Hello24 – Order on Chat, Abandoned cart recovery & Marketing Automation Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 14, 2025
PHP min version: 5.6
Downloads: 3K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 10
Developer Profile

Hello24 – Order on Chat, Abandoned cart recovery & Marketing Automation Developer Profile

Hello24.ai

1 plugin · 10 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Hello24 – Order on Chat, Abandoned cart recovery & Marketing Automation

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/hello24-order-on-chat-apps/build/css/main.css
/wp-content/plugins/hello24-order-on-chat-apps/build/js/app.js
Script Paths
/wp-content/plugins/hello24-order-on-chat-apps/build/js/app.js
Version Parameters
hello24-order-on-chat-apps/build/css/main.css?ver=
hello24-order-on-chat-apps/build/js/app.js?ver=

HTML / DOM Fingerprints

CSS Classes
hello24-chat-icon
h24-chat-widget
hello24-chat-minimize-button
hello24-widget-wrapper
hello24-chat-message-wrapper
Data Attributes
data-h24-wc
data-h24-wp
JS Globals
hello24_data
H24Chat
REST Endpoints
/wp-json/hello24/v1/settings
/wp-json/hello24/v1/sync
Shortcode Output
[hello24_chat_button]
FAQ

Frequently Asked Questions about Hello24 – Order on Chat, Abandoned cart recovery & Marketing Automation