Orders Chat for WooCommerce Security & Risk Analysis

wordpress.org/plugins/orders-chat-for-woocommerce

Allows you to set a specific price for a certain quantity of product. Shows quantity pricing table/blocks/options/dropdown/tooltip.

100 active installs · v1.2.0 · PHP 5.6+ · WP 4.0+ · Updated Apr 17, 2025
Tags: chat, messenger, support, woocommerce
78 · B · Generally Safe
CVEs total: 1
Unpatched: 1
Last CVE: Dec 31, 2025
Safety Verdict

Is Orders Chat for WooCommerce Safe to Use in 2026?

Mostly Safe

Score 78/100

Orders Chat for WooCommerce is generally safe to use. 1 past CVE was resolved. Keep it updated.

1 known CVE · 1 unpatched · Last CVE: Dec 31, 2025 · Updated 11mo ago
Risk Assessment

The "orders-chat-for-woocommerce" plugin v1.2.0 exhibits a generally good security posture with a large percentage of SQL queries using prepared statements and a high rate of output escaping. The absence of AJAX handlers, REST API routes, shortcodes, and cron events in the static analysis suggests a limited attack surface, and importantly, none of these potential entry points were found to be unprotected. The plugin also includes two nonce checks and two capability checks, which are positive security indicators.

However, the taint analysis reveals two flows with unsanitized paths and a high severity rating, indicating a potential for vulnerabilities if these flows are exploited. While the plugin has only one known CVE, it is currently unpatched and classified as medium severity. This, combined with the taint analysis findings, suggests that while many security practices are followed, there are critical areas that require immediate attention. The vulnerability history, though short, shows a pattern of missing authorization, which is a significant concern.

In conclusion, the plugin demonstrates a commitment to secure coding practices in many areas. Nevertheless, the identified taint flow issues and the unpatched medium severity CVE, particularly one related to missing authorization, represent significant weaknesses that could be exploited. Addressing these specific issues is paramount to improving the plugin's overall security.

Key Concerns

  • Unpatched medium severity CVE
  • High severity taint flows found
  • Bundled outdated library (Freemius v1.0)
Vulnerabilities: 1

Orders Chat for WooCommerce Security Vulnerabilities

CVEs by Year

2025: 1 CVE · unpatched

Severity Breakdown

Medium: 1

1 total CVE

CVE-2025-49356 · medium · 4.3 · Missing Authorization

Orders Chat for WooCommerce <= 1.2.0 - Missing Authorization

Dec 31, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Orders Chat for WooCommerce Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 4 (20 prepared)
  • Unescaped Output: 16 (420 escaped)
  • Nonce Checks: 2
  • Capability Checks: 2
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

83% prepared · 24 total queries

Output Escaping

96% escaped · 436 total outputs
Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
loadMessenger (src\Admin\ModalOrderMessenger.php:85)
Attack Surface

Orders Chat for WooCommerce Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 49
action · init · src\Addons\ScheduleMessages.php:23
action · order_messenger/admin/messenger_metabox/additional_options · src\Addons\ScheduleMessages.php:84
filter · order_messenger/message/allowed_types · src\Addons\ScheduleMessages.php:149
filter · order_messenger/messages/before_saving_admin_message · src\Addons\ScheduleMessages.php:156
filter · order_messenger/message/message_template_page · src\Addons\ScheduleMessages.php:184
filter · order_messenger/config/message_types_admin_should_be_notified · src\Addons\ScheduleMessages.php:202
action · admin_enqueue_scripts · src\Admin\Admin.php:25
action · admin_head · src\Admin\Admin.php:31
action · admin_notices · src\Admin\Admin.php:32
action · restrict_manage_posts · src\Admin\Admin.php:33
filter · parse_query · src\Admin\Admin.php:34
action · before_delete_post · src\Admin\Admin.php:35
action · wp_trash_post · src\Admin\Admin.php:41
action · woocommerce_before_delete_order · src\Admin\Admin.php:48
action · woocommerce_before_trash_order · src\Admin\Admin.php:54
action · manage_shop_order_posts_custom_column · src\Admin\ModalOrderMessenger.php:21
action · woocommerce_shop_order_list_table_custom_column · src\Admin\ModalOrderMessenger.php:23
filter · manage_edit-shop_order_columns · src\Admin\ModalOrderMessenger.php:25
filter · woocommerce_shop_order_list_table_columns · src\Admin\ModalOrderMessenger.php:27
action · add_meta_boxes · src\Admin\OrderMessengerMetabox.php:23
action · shutdown · src\Admin\OrderMessengerMetabox.php:69
action · rest_api_init · src\API\REST\MessagesREST.php:25
filter · woocommerce_account_menu_items · src\Frontend\AccountManager.php:25
filter · woocommerce_my_account_my_orders_actions · src\Frontend\AccountManager.php:32
action · woocommerce_account_messenger_endpoint · src\Frontend\AccountManager.php:44
action · woocommerce_account_messages_endpoint · src\Frontend\AccountManager.php:48
action · wp_head · src\Frontend\AccountManager.php:56
filter · woocommerce_endpoint_messenger_title · src\Frontend\AccountManager.php:99
filter · woocommerce_endpoint_messages_title · src\Frontend\AccountManager.php:101
action · wp_enqueue_scripts · src\Frontend\Frontend.php:26
action · wp_head · src\Frontend\Frontend.php:40
action · shutdown · src\NotificationManager.php:27
action · order_messenger/messages/message_created · src\NotificationManager.php:29
action · plugins_loaded · src\OrderMessengerPlugin.php:44
filter · woocommerce_get_query_vars · src\OrderMessengerPlugin.php:46
filter · woocommerce_email_classes · src\OrderMessengerPlugin.php:53
action · init · src\OrderMessengerPlugin.php:62
action · before_woocommerce_init · src\OrderMessengerPlugin.php:71
filter · woocommerce_new_order_note_data · src\OrderMessengerPlugin.php:94
filter · woocommerce_email_enabled_customer_note · src\OrderMessengerPlugin.php:113
action · woocommerce_order_status_changed · src\OrderMessengerPlugin.php:118
filter · woocommerce_product_data_tabs · src\ProductManager.php:24
action · woocommerce_product_data_panels · src\ProductManager.php:25
action · woocommerce_process_product_meta · src\ProductManager.php:26
action · woocommerce_order_actions · src\ProductManager.php:43
action · woocommerce_order_action_om_send_purchasing_message · src\ProductManager.php:50
action · init · src\Settings\Settings.php:34
action · init · src\Settings\Settings.php:168
filter · woocommerce_settings_tabs_array · src\Settings\Settings.php:171
Maintenance & Trust

Orders Chat for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Apr 17, 2025
PHP min version: 5.6
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 100
Developer Profile

Orders Chat for WooCommerce Developer Profile

Mykola Lukin

4 plugins · 10K total installs

Trust score: 91
Avg Security Score: 95/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Orders Chat for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/orders-chat-for-woocommerce/admin/messenger.js
  • /wp-content/plugins/orders-chat-for-woocommerce/admin/messenger.css
  • /wp-content/plugins/orders-chat-for-woocommerce/assets/css/admin/styles.css
  • /wp-content/plugins/orders-chat-for-woocommerce/assets/js/admin/order-chat.js
  • /wp-content/plugins/orders-chat-for-woocommerce/assets/js/admin/order-chat.js?ver=1.2.0
  • /wp-content/plugins/orders-chat-for-woocommerce/assets/js/vendor/bootstrap.min.js
  • /wp-content/plugins/orders-chat-for-woocommerce/assets/js/vendor/jquery.nice-select.js
  • /wp-content/plugins/orders-chat-for-woocommerce/assets/js/vendor/magnific-popup.js
  • +10 more
Script Paths
  • admin/messenger.js
  • admin/order-chat.js
  • vendor/bootstrap.min.js
  • vendor/jquery.nice-select.js
  • vendor/magnific-popup.js
  • frontend/order-chat.js
  • +1 more
Version Parameters
  • orders-chat-for-woocommerce/admin/messenger.js?ver=
  • orders-chat-for-woocommerce/admin/messenger.css?ver=
  • orders-chat-for-woocommerce/assets/css/admin/styles.css?ver=
  • orders-chat-for-woocommerce/assets/js/admin/order-chat.js?ver=
  • orders-chat-for-woocommerce/assets/js/vendor/bootstrap.min.js?ver=
  • orders-chat-for-woocommerce/assets/js/vendor/jquery.nice-select.js?ver=
  • orders-chat-for-woocommerce/assets/js/vendor/magnific-popup.js?ver=
  • orders-chat-for-woocommerce/assets/js/frontend/order-chat.js?ver=
  • orders-chat-for-woocommerce/assets/js/frontend/customer.js?ver=
  • orders-chat-for-woocommerce/assets/css/frontend/styles.css?ver=
  • orders-chat-for-woocommerce/assets/css/frontend/responsive.css?ver=
  • orders-chat-for-woocommerce/assets/fonts/icomoon/style.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • om-unread-messages-count
  • order-chat-button
  • order-chat-wrapper
  • order-chat-header
  • order-chat-message-list
  • order-chat-message
  • order-chat-input-area
  • om-upgrade-alert
  • +4 more
HTML Comments
  • <!-- HPOS -->
  • <!-- IMPORTANT: DO NOT MODIFY THIS FILE. Modify the file in the class library instead. -->
  • <!-- end upgrade-alert.php -->
  • <!-- end activation-alert.php -->
Data Attributes
  • data-notifications-count
  • data-order-id
  • data-chat-id
JS Globals
  • omfw_fs
  • OrderMessengerPlugin