13 matches found
CVE-2025-14270 OneClick Chat to Order <= 1.0.9 - Missing Authorization to Authenticated (Editor+) Plugin Settings Update
The OneClick Chat to Order plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.0.9. This is due to the plugin not properly verifying that a user is authorized to perform an action in the waordernumbersavenumberfield function. This makes it possible for...
EUVD-2024-26784
Malicious code in bioql PyPI...
CVE-2024-29789
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS. This issue affects OneClick Chat to Order: from n/a through 1.0.5...
CVE-2022-4760
The OneClick Chat to Order WordPress plugin before 1.0.4.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against hi...
OneClick Chat to Order < 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The OneClick Chat to Order plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,...
CVE-2024-29789
CVE-2024-29789 – Stored XSS in Walter Pinem OneClick Chat to Order (WordPress). Affected: OneClick Chat to Order plugin versions from n/a up to 1.0.5. Root cause per description: improper neutralization of input during web page generation. Impact: stored cross-site scripting, enabling injection o...
CVE-2024-29789 WordPress OneClick Chat to Order plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Walter Pinem OneClick Chat to Order allows Stored XSS. This issue affects OneClick Chat to Order: from n/a through 1.0.5...
WordPress OneClick Chat to Order Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: OneClick Chat to Order; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 1.0.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-29789; Patch priority: Low; CVSS severity: Low (6.5); PSID: 255b07899e6d; Credits: Ngô Thiên An ancorn from VNPT-V...
WordPress OneClick Chat to Order Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: OneClick Chat to Order; Type: Plugin; Vulnerable versions: <= 1.0.5; Fixed in: 1.0.6; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: N/A; Patch priority: Low; CVSS severity: Low (6.4); PSID: 703d2d9b7da8; Credits: WordFence; Required privileg...
Cross site scripting
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Walter Pinem OneClick Chat to Order plugin = 1.0.4.2 versions...
CVE-2023-47546
CVE-2023-47546 affects Walter Pinem OneClick Chat to Order plugin (versions
PT-2023-15423 · WordPress · Oneclick Chat To Order
Name of the Vulnerable Software and Affected Versions: OneClick Chat to Order WordPress plugin versions prior to 1.0.4.2 Description: The issue arises from the plugin not validating and escaping some of its shortcode attributes before outputting them back in the page. This could allow users with ...