Does WP Tao One Time Offer have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Tao One Time Offer compatible with WordPress 4.8.28?

According to WordPress.org data, WP Tao One Time Offer 1.0.1 has been tested up to WordPress 4.8.28. Check the plugin's changelog for the latest compatibility information.

How often is WP Tao One Time Offer updated?

WP Tao One Time Offer was last updated on Jun 19, 2017. Frequent updates are generally a positive security signal.

What is WP Tao One Time Offer's security score?

WP Tao One Time Offer has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Tao One Time Offer Security & Risk Analysis

wordpress.org/plugins/wp-tao-one-time-offer

Set any page as One Time Offer and show your special promotion only once per user! Works even when cookie is disabled or cleared!

10 active installs v1.0.1 PHP + WP 3.8+ Updated Jun 19, 2017

one-timeone-time-offerotowp-taowptao

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Tao One Time Offer Safe to Use in 2026?

Generally Safe

Score 85/100

WP Tao One Time Offer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago

Risk Assessment

The plugin "wp-tao-one-time-offer" v1.0.1 exhibits a strong security posture based on the provided static analysis. There are no identified entry points like AJAX handlers, REST API routes, or shortcodes that are exposed without authentication checks. The code also avoids dangerous functions and file operations, and it doesn't make external HTTP requests. The use of prepared statements for all SQL queries is a significant strength. However, a notable concern is the complete lack of output escaping for all identified output points. This means that any data displayed to users could potentially be vulnerable to cross-site scripting (XSS) attacks if that data originates from an untrusted source.

The vulnerability history for this plugin is clean, with no recorded CVEs. This, combined with the apparent robust design in the static analysis, suggests a generally secure plugin. The presence of nonce and capability checks, though limited in number, are positive indicators of security awareness in development. The absence of taint analysis findings further reinforces the perception of a secure codebase, but the lack of output escaping remains a critical oversight that needs immediate attention to mitigate potential XSS risks.

Key Concerns

All outputs are unescaped

Vulnerabilities

None known

WP Tao One Time Offer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

WP Tao One Time Offer Release Timeline

v1.0.1Current

v1.0

Code Analysis

Analyzed Mar 17, 2026

WP Tao One Time Offer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

0% escaped2 total outputs

Attack Surface

WP Tao One Time Offer Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 5

actionadd_meta_boxesincludes\admin\class-metabox.php:6

actionsave_postincludes\admin\class-metabox.php:7

actionadmin_noticeswp-tao-one-time-offer.php:88

actiontemplate_redirectwp-tao-one-time-offer.php:92

actionplugins_loadedwp-tao-one-time-offer.php:157

Maintenance & Trust

WP Tao One Time Offer Maintenance & Trust

Maintenance Signals

WordPress version tested4.8.28

Last updatedJun 19, 2017

PHP min version

Downloads2K

Community Trust

Rating0/100

Number of ratings0

Active installs10

Alternatives

WP Tao One Time Offer Alternatives

Order Bump for WooCommerce

molongui-bump-offer

100

Boost sales by promoting products as upsells before payment. Customers can accept the deal from the Checkout page with just one click

700 No CVEs

Smash Balloon Social Photo Feed – Easy Social Feeds Plugin

instagram-feed

Formerly "Instagram Feed". Display clean, customizable, and responsive Instagram feeds from multiple accounts. Supports Instagram oEmbeds.

1.0M 4 CVEs

Photo Gallery, Sliders, Proofing and Themes – NextGEN Gallery

nextgen-gallery

The most popular gallery plugin that lets you create galleries and albums in seconds.

400K 38 CVEs

Firelight Lightbox

easy-fancybox

Formerly Easy Fancybox. The most popular WordPress lightbox plugin. Simple, fast, and responsive. Opens images, videos, PDFs, and custom popups.

200K 5 CVEs

Instant Images – One-click Image Uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy

instant-images

One-click uploads from Unsplash, Openverse, Pixabay, Pexels, and Giphy directly to your WordPress media library.

200K 3 CVEs

Developer Profile

WP Tao One Time Offer Developer Profile

Michal Jaworski

5 plugins · 740 total installs

trust score

Avg Security Score

89/100

Avg Patch Time

15 days

View full developer profile

Detection Fingerprints

How We Detect WP Tao One Time Offer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

Data Attributes

wptao-oto-url

FAQ