OneClick Chat to Order

1.1.1 – March 27, 2026

New Features

• Automated Checkbox Migration Routine – Background database migration (wa_order_run_migrations) runs automatically on update, inspecting database state and repairing corrupted settings options back to their intended ‘yes’/’no’ values.
• Migration Admin Notice – One-time dismissible notice for administrators confirming when the database repair is complete, with a link to review settings.
• WooCommerce Block Cart Support – Full support for the Gutenberg-based Block Cart via dual-mode hook approach. Uses MutationObserver JavaScript injection to wait for React hydration before inserting the WhatsApp checkout button.
• Block Cart “Hide Checkout” Support – Scoped dynamic CSS injected via wp_head to hide the Block Cart’s native checkout button, since remove_action(‘woocommerce_proceed_to_checkout’) is ignored by Block Cart.

Bug Fixes

• Fixed a major glitch causing all checkbox-based plugin settings (e.g. enabling/disabling cart buttons, altering visibility, GDPR toggles) to fail to save across the entire plugin.
• Restored missing sanitize_checkbox callbacks across 35+ register_setting rules, correctly translating checkbox states to binary ‘yes’/’no’ options.
• Fixed the WhatsApp Cart Button not rendering on sites using modern block themes (e.g. Twenty Twenty-Five) due to WooCommerce transitioning from legacy shortcodes to React-based Block Cart.
• Fixed the “Hide Proceed to Checkout button?” option being silently ignored on Block Cart structures.

1.1.0 – December 11, 2025

Security Advisory: This update addresses a Missing Authorization vulnerability (CVE-2025-14270) that allowed authenticated users with Editor role or higher to modify plugin settings without proper authorization.
Credits: Thank you to the Wordfence security team for responsible disclosure.

Security Update

• Authorization Fix – Added proper capability checks to restrict WhatsApp number management to administrators only
• Custom Post Type Restriction – WhatsApp Numbers CPT now requires manage_options capability for all operations
• Nonce Verification – Enhanced CSRF protection for all save operations

Technical Details

• Minimal Implementation – Security fix with no impact on existing functionality
• Backward Compatible – All existing features work exactly as before
• WordPress Standards – Uses WordPress core capability system

Important Notes

• Security Update – Addresses unauthorized settings modification issue
• No Breaking Changes – Only administrators could previously access these settings in the UI
• Immediate Update Recommended – Update to ensure proper authorization controls

1.0.9 – November 07, 2025

Security Advisory: This update addresses a potential IDOR (Insecure Direct Object Reference) vulnerability that could allow unauthorized access to order details.
Credits: Thank you very much to Md Shofiur R. from Pentest Testing Corp for responsible disclosure.

Security Update

• Order Access Validation – Added validation to prevent unauthorized access to order details on thank you pages
• IDOR Vulnerability Fix – Implemented proper authorization checks to ensure users can only view their own orders or orders they have permission to access

Security Improvements

• User Permission Checks – Verify user ownership before displaying order information
• Admin Access Control – Maintain proper admin access to all orders for management purposes
• Guest Order Protection – Validate order keys for guest purchases following WooCommerce standards

Technical Details

• Minimal Implementation – Added single security function with no performance impact
• Backward Compatible – No changes to existing functionality or user experience
• WordPress Standards – Uses only WordPress and WooCommerce core functions

Important Notes

• Security Update – Addresses potential unauthorized order access issue
• No Breaking Changes – All existing features work exactly as before
• Immediate Update Recommended – Update to ensure order privacy protection

1.0.8 – August 06, 2025

Major New Features

• Force wa.me URL Option – Override mobile/desktop base URL settings to use wa.me for all WhatsApp links, ensuring consistent behavior across all devices
• JavaScript onClick Events – Choose between standard link tags or inline onClick events for better Ajax compatibility and modern theme support
• Comprehensive Uninstall System – Complete data cleanup with user control over what gets deleted during plugin removal
• WPML Integration – Full multilingual support with comprehensive translation configuration for international stores
• Enhanced CSS Styling – Completely refactored CSS with natural styling that seamlessly adapts to any theme
• Conditional CSS Classes – Smart CSS class application (single_add_to_cart_button) only when positioned after Add to Cart button

Technical Enhancements

• Performance Optimization – Intelligent caching system, efficient database queries, and conditional script loading
• Security Hardening – Comprehensive input sanitization, output escaping, and XSS protection throughout the codebase
• JavaScript Improvements – Enhanced event handling to prevent WooCommerce conflicts with onClick buttons
• Accessibility Features – Support for high contrast mode, reduced motion preferences, and better keyboard navigation
• Mobile Optimization – Improved touch targets, spacing, and responsive design across all button types

Critical Bug Fixes

• onClick Button Redirects – Fixed onClick buttons redirecting to /undefined by preventing WooCommerce event conflicts
• Floating Button Icons – Resolved icon positioning issues with proper CSS structure and SVG implementation
• JavaScript Console Errors – Fixed errors with defensive programming and conditional loading
• Button Styling Consistency – Corrected styling inconsistencies across different themes and positions
• File Loading Issues – Added proper file existence checks before enqueueing JavaScript files

Security Improvements

• XSS Vulnerability Fixes – Fixed multiple Cross-Site Scripting vulnerabilities with proper sanitization
• Enhanced HTML Filtering – Comprehensive wp_kses configuration for safe HTML output
• Nonce Verification – Enhanced CSRF protection across all admin forms and metaboxes
• Input Validation – Improved validation and sanitization for all user inputs including POST data
• Capability Checks – Added proper permission checks for admin functions and post meta operations

Compatibility Updates

• WordPress 6.8.2 – Full compatibility with latest WordPress version
• WooCommerce 10.0.4 – Updated compatibility with latest WooCommerce version
• HPOS Support – Enhanced High Performance Order Storage compatibility declarations
• Theme Compatibility – Natural styling that adapts to any theme without conflicts
• Variable Products – Added support for complex product configurations and variations

Performance Enhancements

• CSS Optimization – Better organization, reduced redundancy, and improved loading speed
• Database Efficiency – Optimized queries with proper caching and transient management
• Asset Loading – Conditional enqueueing based on page context to reduce unnecessary loading
• Memory Usage – Improved memory efficiency and reduced resource consumption

Internationalization

• Translation Ready – All strings properly prepared for translation
• WPML Configuration – Complete translation configuration for multilingual stores
• Admin Interface – Proper translation support for all admin notices and error messages
• User Experience – Consistent multilingual experience across all plugin features

1.0.7 – September 30, 2024

• [New] Added a Single Product Page shortcode that pulls in product details and can be placed anywhere.
• [New] Introduced options for controlling the WhatsApp base URL for both mobile and desktop devices.
• [Improvement] Enhanced text configurability for better label customization in WhatsApp messages.
• [Improvement] Added an option to include both regular and sale prices in messages sent from single product pages.
• [Improvement] Introduced two new button positions on single product pages: “After Single Product Summary” and “Around Product Share Area”.
• [Improvement] Added an option to make the WhatsApp button full width on single product pages.
• [Improvement] Introduced an option to include tax information in messages sent from the Cart page.
• [Improvement] Enhanced WhatsApp messages sent from the Cart page to include coupons, price calculations, tax, shipping details, and more.
• [Improvement] Added an option to display the “Total Products” label in WhatsApp messages sent from the Thank You page.
• [Improvement] Introduced options to include or exclude coupon/discount information in WhatsApp messages sent from the Thank You page.
• [Improvement] Added options to include or exclude the Order Summary Link in WhatsApp messages sent from the Thank You page.
• [Improvement] Added an option to include or exclude the Payment Link in WhatsApp messages sent from the Thank You page.
• [Improvement] Added an option to include or exclude the “View Order” link in WhatsApp messages sent from the Thank You page.
• [Improvement] Introduced an option to include or exclude the Order Number in WhatsApp messages sent from the Thank You page.
• [Improvement] Added an option to include or exclude tax information in WhatsApp messages sent from the Thank You page.
• [Improvement] Fixed an issue where key details were missing from messages sent from the Thank You page.
• [Improvement] Refactored the message structure for the Thank You page to conditionally display shipping address details if they differ from the billing address.
• [Improvement] Fixed an issue where the WhatsApp button did not display on the Cart page.
• [Improvement] Added transients for improved database performance.
• [Improvement] Optimized, sanitized, and made all strings translation-ready.
• [Improvement] Refactored the codebase for single product pages for better performance.
• [Improvement] Refactored the codebase for the shop loop and product archive pages.
• [Improvement] Added padding and margin options for the floating button.
• [Improvement] Added padding and margin options for the floating button icon.
• [Improvement] Enhanced the rendering of the Floating Button.
• [Improvement] Fixed an issue where the WhatsApp button wasn’t visible when the “Hide Add to Cart” option was enabled.
• [Improvement] Introduced the ability to customize output via apply_filters() for various configurable variables.
• [Improvement] Added filters to make key elements configurable across various sections, such as product names, prices, and URLs for WhatsApp messages.
• [Improvement] Refactored and optimized the floating button CSS, making margin and padding values dynamically configurable via settings.
• [Improvement] Added validation checks and improved security for input handling across shortcode attributes, ensuring safer usage and improved performance.

1.0.6 – December 15, 2023

• Fixed Stored Cross-Site Scripting for the ‘waorder’ shortcode
• Fixed the WhatsApp button not showing on Thank You / Order Received page.
• Fixed the WhatsApp button not showing on a single product page where the Hide Add to Cart button? is checked.
• Optimized the way the saved options fetched from database.
• Code cleaned up

1.0.5 – November 16, 2023

• Fixed Stored Cross-Site Scripting (XSS) vulnerability
• Fixed various unescaped input fields for better security
• Fixed the output of messages on Cart and Checkout pages
• Fixed the output of stylings on the front-end from Display Options settings page
• Compatibility with the latest WordPress version and the WooCommerce High-Performance Order Storage (HPOS)
• Simplified major code logics for better security, best practice, and performance
• Removed the option to select WhatsApp base subdomain URL (previously there are options to select either api* or web*)
• Updated wp-color-picker-alpha to the latest version
• Code cleaned up

1.0.4.2 – December 27, 2022

• Fixed Stored Cross-Site Scripting vulnerability in an unescaped data
• Code cleaned up

1.0.4.1 – December 07, 2020

• Fixed a minor issue on Floating settings tab
• Code cleaned up

1.0.4 – December 06, 2020

• New: Three new selectable WhatsApp button positions on single product page to fix issue for users using theme with ajax feature.
• New: Hide WhatsApp and floating buttons on all posts and pages, specific posts, pages, product categories and tags.
• New: Button color & box shadpw customization options for WhatsApp and floating buttons.
• New: Button margin & padding customization options for WhatsApp button on single product page.
• New: Hide Add to Cart button only on a specific product via product editor page.
• New: The force show the Add to Cart button option on product editor page to keep displaying Add to Cart button regardless the configuration you set on the global settings page.
• [Improvement] New selectable WhatsApp base URL to improve clickable link on mobile devices.
• [Improvement] Replaced the mobile detection to fix the issue on iOS devices.
• [Improvement] Translations updated for Bahasa Indonesia.
• WooCommerce Latest Version Compatibility v4.7.1.
• Code cleaned up.

1.0.3 – November 06, 2020

• Fixed message sent from Thank You page didn’t include customer details
• Fixed the structure of message sent from Cart page
• WooCommerce Latest Version Compatibility v4.6.2
• Code cleaned up.

1.0.2 – November 04, 2020

• Fixed floating button with no number issue.
• Fixed and cleaned code on every file for displaying button.
• Code cleaned up.

1.0.1 – November 02, 2020

• New: Shipping name and its cost in the message sent from Order Received & Cart page. If exists, it will show shipping address and details instead of customer’s billing info.
• New: Option to set Customer Details Label in the message sent from Order Received page.
• New: Option to include product SKU in the message sent from Order Received page.
• New: Automatically include all selected product attributes / variations in the message sent from Order Received page.
• New: Option to hide floating button only on desktop.
• [Improvement] Include all selected product attributes / variations in the message sent from Cart page instead of just one.
• [Improvement] Price amount format for discounts.
• [Improvement] Added discount deduction formula.
• [Improvement] Added subtotal & total price before and after discount.
• [Improvement] Added a shortcode generator to generate a dynamic shortcode instead of just using one shortcode for all.
• [Improvement] Fixed possible SEO issues for number custom post type. Set publicly_queryable to false to prevent possible SEO issues everytime a WhatsApp number is set and published, and removed the number redirection.
• Fixed undefined post ID notice on the front end when no WhatsApp number is published.
• Fixed and added default custom button and floating button tooltip texts when they are still empty.
• Code cleaned up.

1.0.0 – October 20, 2020

• New: Multiple Numbers feature. Now every user can add more than one WhatsApp numbers and assign them to specific page.
• New: Option to assign a WhatsApp number from a list of created numbers only for a single product.
• New: An option to hide or show the Order Date from WA message sent from Thank You page.
• New: An option to include Order Number from WA message sent from Thank You page.
• Fixed WhatsApp base URL to make it compatible on both mobile and desktop
• Fixed pricing format and currency issues
• Fixed order date time format
• Fixed other minor issues
• Code cleaned up

0.1.9.1 – May 11, 2020

• Fixed a minor issue
• Code cleaned up

0.1.9 – May 11, 2020

• New: Option to exclude price in the message sent from Shop loop page
• New: Option to open shortcode button link in new tab
• Fixed discount amount sent from checkout page

0.1.8 – May 10, 2020

• Fixed missing file issue

0.1.7 – May 10, 2020

• New: Options to set button text and custom message for individual product, including option to individually hide / show WhatsApp button on single product page
• New: Options to individually hide button on shop loop, cart, and thank you page on mobile and desktop
• New: Option to include source page URL in the message when the floating button is clicked
• New: Option to include product variation on Cart page (only one variation from each product)
• New: Option to include coupon code in the Checkout put (that will include coupon code details in the message)
• WooCommerce Latest Version Compatibility v4.1.0
• Various bug fixes
• Code cleaned up

0.1.6 – May 06, 2020

• Fixed incorrect number of the total amount (thanks @atempel for pointing this out)
• Code cleaned up

0.1.5 – May 02, 2020

• New: Full options to individually hide or show WhatsApp button on every page
• New: Individual options to exclude some labels in the message and managing button click target
• Misc: Replaced icon depedency to make it faster in terms of loading speed
• Fixed major issues such as incorrect number format and some non-functional plugin options
• Fixed CSS issues
• Code cleaned up

0.1.4 – April 15, 2020

• Fixed issues on some themes
• Fixed CSS issues
• Code cleaned up

0.1.3 – April 12, 2020

• New: Option to Override Thank You Page Title and add a WhatsApp button to send complete order details
• New: Option to show WhatsApp button on Cart page
• New: Option to show WhatsApp button on Shop page product loop
• New: Options to change labels for product details in sent message
• New: Converted customer’s number into clickable WhatsApp link on Order Details page (admin Dashboard)
• New: Options to hide button both on Desktop and Mobile respectively
• Fixed button icon not showing
• Fixed other CSS issues
• Code cleaned up

0.1.2 – November 23, 2019

• Complying to Copyright and Trademark Guidelines
• Rebranded “OneClick WA Order” to “OneClick Chat to Order”
• Code cleaned up

0.1.1 – November 22, 2019

• Complying to Copyright and Trademark Guidelines
• Rebranded “OneClick WhatsApp Order” to “OneClick WA Order”
• Code cleaned up

0.1.0 – February 17, 2019

• [NEW] Option to exclude price in WA message output
• [NEW] Option to hide product quantity in a single product page (if sold individually)
• [Improvement] More translation-ready
• Code cleaned up

0.0.5 – February 12, 2019

• [Fix] CSS issue on WA button
• [Improvement] Compatibility with various themes
• Code cleaned up

0.0.4 – February 10, 2019

• [Fix] WA button is redirected to the same page when displaying GDPR checkbox
• [Improvement] Changed icons library into Font Awesome
• [Improvement] Tooltip on floating button is much more smooth than before
• [Improvement] Strings corrected and translations added
• Code cleaned up

0.0.3 – February 9, 2019

• [Improvement] Move WA button position: right beside the Add to Cart button, sit side-by-side
• [Improvement] Repositioned floating button icon
• Code cleaned up

0.0.2 – February 6, 2019

• [Improvement] Plugin setting page
• Code cleaned up

0.0.1 – February 3, 2019

• Initial Release