OneClick Chat to Order Security & Risk Analysis

wordpress.org/plugins/oneclick-whatsapp-order

Transform your WooCommerce store with seamless WhatsApp integration. Enable customers to order products instantly via WhatsApp with enhanced features.

40K active installs · v1.1.0 · PHP 7.4+ · WP 6.0+ · Updated Dec 11, 2025
Tags: click-to-chat, whatsapp, whatsapp-chat, woocommerce, woocommerce-whatsapp
Security score: 92 (A · Safe)
CVEs total: 6
Unpatched: 0
Last CVE: Feb 18, 2026
Safety Verdict

Is OneClick Chat to Order Safe to Use in 2026?

Generally Safe

Score 92/100

OneClick Chat to Order has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Feb 18, 2026 · Updated 3mo ago
Risk Assessment

The static analysis of the "oneclick-whatsapp-order" v1.1.0 plugin reveals a mixed security posture. The plugin follows good practice by using prepared statements exclusively for SQL queries and by performing capability checks on its entry points, but there are notable areas of concern. Only 69% of output is properly escaped, which indicates a significant risk of Cross-Site Scripting (XSS) wherever user-supplied data is not adequately neutralized before being displayed. The absence of taint analysis results is also a weakness, because potential data-flow vulnerabilities may have been missed. The plugin also has a concerning history of six known CVEs, with past vulnerabilities including Missing Authorization, Exposure of Sensitive Information, and Cross-Site Scripting. Although no CVEs are currently unpatched, this historical pattern suggests recurring security weaknesses that require diligent monitoring and timely updates.

Key Concerns

  • Only 69% of output is properly escaped
  • Vulnerability history: 6 known CVEs
  • Vulnerability history: 1 high severity CVE
  • Vulnerability history: 4 medium severity CVEs
  • Vulnerability history: 1 low severity CVE
  • Bundled outdated library: Select2
Vulnerabilities: 6

OneClick Chat to Order Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2023: 1 CVE
  • 2024: 2 CVEs
  • 2025: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

  • High: 1
  • Medium: 4
  • Low: 1

6 total CVEs

CVE-2025-14270 · low · 2.7 · Missing Authorization

OneClick Chat to Order <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update

Feb 18, 2026 · Patched in 1.1.0 (1d)

CVE-2025-13526 · high · 7.5 · Exposure of Sensitive Information to an Unauthorized Actor

OneClick Chat to Order <= 1.0.8 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure

Nov 21, 2025 · Patched in 1.0.9 (1d)

CVE-2024-29789 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OneClick Chat to Order <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Mar 25, 2024 · Patched in 1.0.6 (17d)

WF-3e4aaf2e-a0c6-47d2-9eb8-d65952a74424-oneclick-whatsapp-order · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OneClick Chat to Order <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Jan 8, 2024 · Patched in 1.0.6 (15d)

CVE-2023-47546 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OneClick Chat to Order <= 1.0.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Nov 7, 2023 · Patched in 1.0.5 (77d)

CVE-2022-4760 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

OneClick Chat to Order <= 1.0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Dec 28, 2022 · Patched in 1.0.4.2 (391d)
Code Analysis
Analyzed Mar 16, 2026

OneClick Chat to Order Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (12 prepared)
  • Unescaped Output: 231 (511 escaped)
  • Nonce Checks: 4
  • Capability Checks: 5
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

100% prepared · 12 total queries

Output Escaping

69% escaped · 742 total outputs
Attack Surface

OneClick Chat to Order Attack Surface

Entry Points: 5
Unprotected: 0

Shortcodes 5

[donate] admin\wa-admin-page.php:587
[wa-order] includes\wa-button.php:90
[waorder] includes\wa-button.php:126
[oneclick] includes\wa-button.php:322
[gdpr_link] includes\wa-gdpr.php:28
WordPress Hooks 71
action admin_menu admin\wa-admin-page.php:25
action admin_init admin\wa-admin-page.php:32
action admin_menu admin\wa-admin-page.php:34
action woocommerce_after_cart_totals includes\buttons\wa-order-cart-page.php:272
action woocommerce_before_cart includes\buttons\wa-order-cart-page.php:283
action wp_head includes\buttons\wa-order-display-options.php:20
action wp_head includes\buttons\wa-order-display-options.php:98
action wp_head includes\buttons\wa-order-display-options.php:136
action wp_head includes\buttons\wa-order-display-options.php:195
action wp_head includes\buttons\wa-order-display-options.php:216
filter woocommerce_is_sold_individually includes\buttons\wa-order-display-options.php:246
action wp_print_styles includes\buttons\wa-order-display-options.php:284
action wp_footer includes\buttons\wa-order-floating-button.php:76
action wp_head includes\buttons\wa-order-floating-button.php:196
action wp_footer includes\buttons\wa-order-floating-button.php:318
action wp_footer includes\buttons\wa-order-floating-button.php:339
action wp_head includes\buttons\wa-order-floating-button.php:381
action wp_head includes\buttons\wa-order-floating-button.php:393
action woocommerce_after_shop_loop_item includes\buttons\wa-order-shop-archive.php:154
action wp_head includes\buttons\wa-order-shop-archive.php:161
action wp_head includes\buttons\wa-order-shop-archive.php:277
action wp_head includes\buttons\wa-order-single-product.php:354
action wp_head includes\buttons\wa-order-single-product.php:357
action woocommerce_before_single_product includes\buttons\wa-order-single-product.php:402
action wp_footer includes\buttons\wa-order-single-product.php:411
action wp_footer includes\buttons\wa-order-single-product.php:437
filter woocommerce_is_purchasable includes\buttons\wa-order-single-product.php:439
action wp_footer includes\buttons\wa-order-single-product.php:440
filter woocommerce_is_purchasable includes\buttons\wa-order-single-product.php:444
action wp includes\buttons\wa-order-single-product.php:447
filter woocommerce_is_purchasable includes\buttons\wa-order-single-product.php:496
action wp_head includes\buttons\wa-order-single-product.php:503
filter woocommerce_get_price_html includes\buttons\wa-order-single-product.php:512
filter woocommerce_variable_sale_price_html includes\buttons\wa-order-single-product.php:513
filter woocommerce_variable_price_html includes\buttons\wa-order-single-product.php:514
filter woocommerce_get_variation_price_html includes\buttons\wa-order-single-product.php:515
action woocommerce_before_single_product includes\buttons\wa-order-single-product.php:518
action wp_head includes\buttons\wa-order-single-product.php:582
filter woocommerce_thankyou_order_received_text includes\buttons\wa-order-thank-you.php:399
action wp_footer includes\buttons\wa-order-thank-you.php:417
action init includes\multiple-numbers.php:62
action add_meta_boxes includes\multiple-numbers.php:78
action save_post includes\multiple-numbers.php:134
filter post_updated_messages includes\multiple-numbers.php:140
action save_post includes\multiple-numbers.php:174
action save_post includes\multiple-numbers.php:202
filter redirect_post_location includes\multiple-numbers.php:224
action admin_notices includes\multiple-numbers.php:231
action admin_notices includes\multiple-numbers.php:238
action admin_notices includes\wa-button.php:56
action admin_footer includes\wa-button.php:163
action wa_order_action_plugin includes\wa-gdpr.php:29
filter woocommerce_product_data_tabs includes\wa-metabox.php:20
action woocommerce_product_data_panels includes\wa-metabox.php:31
action woocommerce_process_product_meta includes\wa-metabox.php:114
action admin_head includes\wa-metabox.php:172
action plugins_loaded whatsapp-order.php:52
action before_woocommerce_init whatsapp-order.php:71
action wp_enqueue_scripts whatsapp-order.php:93
action wp_enqueue_scripts whatsapp-order.php:108
action admin_enqueue_scripts whatsapp-order.php:116
action admin_enqueue_scripts whatsapp-order.php:127
action admin_notices whatsapp-order.php:152
action plugins_loaded whatsapp-order.php:160
filter plugin_action_links whatsapp-order.php:176
action admin_enqueue_scripts whatsapp-order.php:192
action updated_post_meta whatsapp-order.php:274
action added_post_meta whatsapp-order.php:275
filter kses_allowed_protocols whatsapp-order.php:495
action wp_enqueue_scripts whatsapp-order.php:530
filter admin_footer_text whatsapp-order.php:652
Maintenance & Trust

OneClick Chat to Order Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 11, 2025
PHP min version: 7.4
Downloads: 400K

Community Trust

Rating: 96/100
Number of ratings: 81
Active installs: 40K
Developer Profile

OneClick Chat to Order Developer Profile

Walter Pinem

4 plugins · 41K total installs

Trust score: 82
Avg Security Score: 92/100
Avg Patch Time: 73 days
Detection Fingerprints

How We Detect OneClick Chat to Order

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/oneclick-whatsapp-order/assets/css/main-style.css
  • /wp-content/plugins/oneclick-whatsapp-order/assets/js/wa-single-button.js
  • /wp-content/plugins/oneclick-whatsapp-order/assets/css/admin-style.css
  • /wp-content/plugins/oneclick-whatsapp-order/assets/css/select2.min.css
  • /wp-content/plugins/oneclick-whatsapp-order/assets/js/admin-main.js
  • /wp-content/plugins/oneclick-whatsapp-order/assets/js/select2.min.js
  • /wp-content/plugins/oneclick-whatsapp-order/assets/js/select2-helper.js
  • /wp-content/plugins/oneclick-whatsapp-order/assets/js/wp-color-picker-alpha.min.js
  +1 more

Script Paths
  • /wp-content/plugins/oneclick-whatsapp-order/assets/js/wa-single-button.js
  • /wp-content/plugins/oneclick-whatsapp-order/assets/js/admin-main.js
  • /wp-content/plugins/oneclick-whatsapp-order/assets/js/select2.min.js
  • /wp-content/plugins/oneclick-whatsapp-order/assets/js/select2-helper.js
  • /wp-content/plugins/oneclick-whatsapp-order/assets/js/wp-color-picker-alpha.min.js
  • /wp-content/plugins/oneclick-whatsapp-order/assets/js/wp-color-picker-init.js

Version Parameters
  • oneclick-whatsapp-order/assets/css/main-style.css?ver=
  • oneclick-whatsapp-order/assets/js/wa-single-button.js?ver=
  • oneclick-whatsapp-order/assets/css/admin-style.css?ver=
  • oneclick-whatsapp-order/assets/css/select2.min.css?ver=
  • oneclick-whatsapp-order/assets/js/admin-main.js?ver=
  • oneclick-whatsapp-order/assets/js/select2.min.js?ver=
  • oneclick-whatsapp-order/assets/js/select2-helper.js?ver=
  • oneclick-whatsapp-order/assets/js/wp-color-picker-alpha.min.js?ver=
  • oneclick-whatsapp-order/assets/js/wp-color-picker-init.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wa_order_style
  • wa_order_style_admin
  • wa_order_selet2_style
  • wa_order_js_admin
  • wa_order_js_select2
  • wa_order_select2_helper
  • wp-color-picker-alpha
  • wp-color-picker-init

HTML Comments
  • <!-- Make sure we don't expose any info if called directly -->
  • <!-- @since 1.0.5 -->
  • <!-- Check if the FeaturesUtil class exists in the \Automattic\WooCommerce\Utilities namespace. -->
  • <!-- Declare compatibility with custom order tables using the FeaturesUtil class. -->
  +12 more

JS Globals
  • OCTO_NAME
  • OCTO_VERSION
  • OCTO_FILE
  • OCTO_BASE
  • OCTO_DIR
  • OCTO_URL
  +1 more