PT-2026-20613 · WordPress · Oneclick Chat To Order

Published 2026-02-19 · Updated 2026-02-19 · CVE-2025-14270

CVSS v3.1

2.7 Low

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

The OneClick Chat to Order plugin for WordPress versions up to and including 1.0.9

Description

The plugin does not properly verify user authorization when performing actions within the wa order number save number field function. This allows authenticated attackers with Editor-level access or higher to modify WhatsApp phone numbers used by the plugin. Successful exploitation can redirect customer orders and messages to phone numbers controlled by the attacker.

Recommendations

Update the plugin to a version newer than 1.0.9.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2025-14270

Affected Products

Oneclick Chat To Order