WP-Safety

One Click Start Security & Risk Analysis

wordpress.org/plugins/one-click-start

A simple, reliable tool to automate your initial WordPress setup tasks like cleanup, permalink changes, comment setting, and bulk plugin installation.

10 active installs v1.0.1 PHP 7.4+ WP 5.8+ Updated Nov 8, 2025
bulk-installone-click-setupone-click-startone-clickwordpress-automation
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is One Click Start Safe to Use in 2026?

Generally Safe

Score 100/100

One Click Start has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The "one-click-start" plugin v1.0.1 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries, nearly all output is properly escaped, and there are no recorded vulnerabilities or known CVEs. The absence of critical or high severity taint flows is also a strong indicator of secure coding in that area.

However, a significant concern lies in the attack surface. All five identified AJAX handlers lack authentication checks. This means any unauthenticated user could potentially trigger these handlers, leading to unintended actions or information disclosure if the handler's functionality is sensitive. While the plugin doesn't appear to have a history of vulnerabilities, the open attack surface represents a substantial risk that could be exploited.

In conclusion, while the "one-click-start" plugin benefits from secure data handling and output sanitization, the lack of authentication on its AJAX endpoints is a critical weakness. The plugin's history of no vulnerabilities is reassuring but does not negate the immediate risk posed by the unprotected entry points. Developers should prioritize implementing nonce and capability checks on all AJAX handlers to mitigate this exposure.

Key Concerns

  • 5 unprotected AJAX handlers
Vulnerabilities
None known

One Click Start Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

One Click Start Release Timeline

v1.0.1Current
v1.0.0
Code Analysis
Analyzed Apr 16, 2026

One Click Start Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
1
77 escaped
Nonce Checks
6
Capability Checks
7
File Operations
1
External Requests
0
Bundled Libraries
0

Output Escaping

99% escaped78 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
import_recipe (includes/class-ocs-ajax.php:88)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
5 unprotected

One Click Start Attack Surface

Entry Points5
Unprotected5

AJAX Handlers 5

authwp_ajax_one_click_start_save_recipeincludes/class-ocs-core.php:52
authwp_ajax_one_click_start_execute_taskincludes/class-ocs-core.php:53
authwp_ajax_one_click_start_import_recipeincludes/class-ocs-core.php:54
authwp_ajax_one_click_start_set_review_promptincludes/class-ocs-core.php:55
authwp_ajax_one_click_start_dismiss_review_promptincludes/class-ocs-core.php:56
WordPress Hooks 5
actionadmin_menuincludes/class-ocs-core.php:45
actionadmin_enqueue_scriptsincludes/class-ocs-core.php:46
actionadmin_initincludes/class-ocs-core.php:47
actionadmin_noticesincludes/class-ocs-core.php:48
actionadmin_noticesone-click-start.php:70
Maintenance & Trust

One Click Start Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedNov 8, 2025
PHP min version7.4
Downloads354

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

One Click Start Alternatives

Starter Templates & Sites Pack by ThemeGrill

Starter Templates & Sites Pack by ThemeGrill

themegrill-demo-importer

A
93

Premium starter sites and website templates by ThemeGrill. Import demo content, widgets, and theme settings with one click.

80K 2 CVEs
FunnelKit – Funnel Builder for WooCommerce Checkout

FunnelKit – Funnel Builder for WooCommerce Checkout

funnel-builder

B
82

Create high-converting WooCommerce checkout pages, WooCommerce thank you pages & sales funnels with the highest-rated WordPress funnel builder.

40K 13 CVEs
Bosa Elementor Addons and Templates for WooCommerce

Bosa Elementor Addons and Templates for WooCommerce

bosa-elementor-for-woocommerce

A
99

Elementor Addon with widgets and templates for WooCommerce.

30K 1 CVE
Clever Fox

Clever Fox

clever-fox

A
99

Clever Fox plugin to enhance the functionality of free themes made by Nayra Themes.

30K 2 CVEs
Keon Toolset

Keon Toolset

keon-toolset

A
100

Import dummy data for themes developed by Keon Themes.

30K No CVEs
Developer Profile

One Click Start Developer Profile

haas_ib

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect One Click Start

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/one-click-start/assets/css/ocs-admin-styles.css/wp-content/plugins/one-click-start/assets/js/ocs-admin-scripts.js
Script Paths
/wp-content/plugins/one-click-start/assets/js/ocs-admin-scripts.js
Version Parameters
one-click-start?ver=ocs-admin-styles.css?ver=ocs-admin-scripts.js?ver=

HTML / DOM Fingerprints

CSS Classes
one-click-startocs-admin-styles
HTML Comments
FILE: one-click-start.php (Main Plugin File)FILE: includes/class-ocs-core.php
Data Attributes
data-action="one_click_start_export_recipe"data-nonce="
JS Globals
one_click_start_ajax_object
REST Endpoints
/wp-json/one-click-start/v1
FAQ

Frequently Asked Questions about One Click Start