WP-Safety

800Website Loyalty Rewards for WooCommerce Security & Risk Analysis

wordpress.org/plugins/800website-loyalty-rewards

A complete loyalty rewards system with points earning, redemption, staff scanner, and customer app for WooCommerce.

0 active installs v1.0.0 PHP 7.4+ WP 5.8+ Updated Feb 5, 2026
customer-rewardsloyaltyloyalty-programpointsrewards
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is 800Website Loyalty Rewards for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

800Website Loyalty Rewards for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago
Risk Assessment

The "800website-loyalty-rewards" plugin v1.0.0 demonstrates a generally good security posture with several positive attributes. The code exclusively uses prepared statements for SQL queries, and all output is properly escaped, mitigating common web vulnerabilities. Furthermore, the absence of dangerous function calls, file operations, and external HTTP requests, alongside no recorded vulnerability history, suggests a diligent approach to secure coding.

However, there are significant concerns related to the attack surface. Four entry points into the plugin are identified as unprotected, specifically two AJAX handlers and two REST API routes lacking proper authorization checks. While the taint analysis only identified one flow with an unsanitized path (categorized as high severity), the combination of unprotected entry points and this single high-severity taint flow presents a tangible risk. The plugin's vulnerability history is clean, but this does not negate the immediate risks identified in the static analysis.

In conclusion, the plugin has a strong foundation in secure coding practices. Nevertheless, the presence of unprotected AJAX and REST API endpoints, coupled with a high-severity unsanitized path, requires immediate attention. Addressing these specific areas will significantly improve the plugin's security and reduce its attack surface.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • High severity unsanitized path flow
Vulnerabilities
None known

800Website Loyalty Rewards for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

800Website Loyalty Rewards for WooCommerce Release Timeline

No version history available.
Code Analysis
Analyzed Apr 16, 2026

800Website Loyalty Rewards for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
97 prepared
Unescaped Output
1
535 escaped
Nonce Checks
12
Capability Checks
10
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

100% prepared97 total queries

Output Escaping

100% escaped536 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

5 flows1 with unsanitized paths
admin_pending_approvals (800website-loyalty-rewards.php:890)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

800Website Loyalty Rewards for WooCommerce Attack Surface

Entry Points22
Unprotected4

AJAX Handlers 5

authwp_ajax_lrwc_batch_generate800website-loyalty-rewards.php:64
authwp_ajax_lrwc_apply_checkout_points800website-loyalty-rewards.php:73
authwp_ajax_lrwc_remove_checkout_points800website-loyalty-rewards.php:74
authwp_ajax_lrwc_add_to_cart800website-loyalty-rewards.php:77
noprivwp_ajax_lrwc_add_to_cart800website-loyalty-rewards.php:78

REST API Routes 15

GET/wp-json/lrwc/v1/customer/profile800website-loyalty-rewards.php:1700
GET/wp-json/lrwc/v1/customer/transactions800website-loyalty-rewards.php:1708
GET/wp-json/lrwc/v1/rewards800website-loyalty-rewards.php:1717
POST/wp-json/lrwc/v1/redeem800website-loyalty-rewards.php:1723
POST/wp-json/lrwc/v1/staff/login800website-loyalty-rewards.php:1732
POST/wp-json/lrwc/v1/staff/scan800website-loyalty-rewards.php:1738
POST/wp-json/lrwc/v1/staff/add-points800website-loyalty-rewards.php:1744
POST/wp-json/lrwc/v1/staff/process-redemption800website-loyalty-rewards.php:1750
GET/wp-json/lrwc/v1/staff/pending-redemptions800website-loyalty-rewards.php:1756
GET/wp-json/lrwc/v1/staff/rewards800website-loyalty-rewards.php:1763
POST/wp-json/lrwc/v1/staff/redeem-product800website-loyalty-rewards.php:1770
POST/wp-json/lrwc/v1/staff/lookup800website-loyalty-rewards.php:1777
POST/wp-json/lrwc/v1/staff/create-order800website-loyalty-rewards.php:1784
POST/wp-json/lrwc/v1/checkout/apply-points800website-loyalty-rewards.php:1791
POST/wp-json/lrwc/v1/checkout/remove-points800website-loyalty-rewards.php:1797

Shortcodes 2

[lrwc_loyalty_app] 800website-loyalty-rewards.php:57
[lrwc_loyalty_staff] 800website-loyalty-rewards.php:58
WordPress Hooks 20
actionadmin_init800website-loyalty-rewards.php:20
actionadmin_notices800website-loyalty-rewards.php:22
actioninit800website-loyalty-rewards.php:49
actionwp_enqueue_scripts800website-loyalty-rewards.php:50
actionadmin_enqueue_scripts800website-loyalty-rewards.php:51
actionadmin_menu800website-loyalty-rewards.php:54
actionrest_api_init800website-loyalty-rewards.php:61
actionwoocommerce_order_status_completed800website-loyalty-rewards.php:67
actionwoocommerce_cart_calculate_fees800website-loyalty-rewards.php:70
actionwoocommerce_checkout_order_processed800website-loyalty-rewards.php:71
actionwoocommerce_review_order_before_payment800website-loyalty-rewards.php:72
actionwoocommerce_admin_order_data_after_order_details800website-loyalty-rewards.php:81
filterwoocommerce_admin_order_preview_get_order_details800website-loyalty-rewards.php:82
filterwoocommerce_account_menu_items800website-loyalty-rewards.php:85
actionwoocommerce_account_lrwc-loyalty-points_endpoint800website-loyalty-rewards.php:86
actioninit800website-loyalty-rewards.php:87
filtermanage_edit-shop_order_columns800website-loyalty-rewards.php:90
actionmanage_shop_order_posts_custom_column800website-loyalty-rewards.php:91
filtermanage_woocommerce_page_wc-orders_columns800website-loyalty-rewards.php:94
actionmanage_woocommerce_page_wc-orders_custom_column800website-loyalty-rewards.php:95
Maintenance & Trust

800Website Loyalty Rewards for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 5, 2026
PHP min version7.4
Downloads204

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

800Website Loyalty Rewards for WooCommerce Alternatives

Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred

Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred

mycred

A
89

A WordPress gamification plugin is also a points management system. Award ranks, loyalty points and rewards or WooCommerce rewards to your users.

10K 26 CVEs
HostPlugin – WooCommerce Points & Rewards

HostPlugin – WooCommerce Points & Rewards

hostplugin-woocommerce-points-and-rewards

A
85

Reward your loyal customers for purchases and other actions using points which can be redeemed for discounts on future purchase.

50 No CVEs
Customers Loyalty Program – Points and Rewards

Customers Loyalty Program – Points and Rewards

customers-loyalty-program-points-and-rewards

A
85

Complete solution for Customers Loyalty Program making.

10 No CVEs
Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program)

Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program)

loyaltyx-points-and-rewards-for-woocommerce

A
100

A lightweight WooCommerce points and rewards plugin to run a loyalty program where customers earn points on purchases and redeem them for discounts.

10 No CVEs
Loyalty Points and Rewards for Square

Loyalty Points and Rewards for Square

loyalty-points-and-rewards-for-square

A
100

Add a Square loyalty program to WooCommerce store. Enable customers to earn and track reward points automatically with Square loyalty integration.

0 No CVEs
Developer Profile

800Website Loyalty Rewards for WooCommerce Developer Profile

Mo Ka

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect 800Website Loyalty Rewards for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/800website-loyalty-rewards/assets/css/frontend.css/wp-content/plugins/800website-loyalty-rewards/assets/js/frontend.js/wp-content/plugins/800website-loyalty-rewards/assets/css/checkout.css/wp-content/plugins/800website-loyalty-rewards/assets/js/checkout.js/wp-content/plugins/800website-loyalty-rewards/assets/css/admin.css/wp-content/plugins/800website-loyalty-rewards/assets/js/admin.js
Script Paths
/wp-content/plugins/800website-loyalty-rewards/assets/js/frontend.js/wp-content/plugins/800website-loyalty-rewards/assets/js/checkout.js/wp-content/plugins/800website-loyalty-rewards/assets/js/admin.js
Version Parameters
800website-loyalty-rewards/assets/css/frontend.css?ver=800website-loyalty-rewards/assets/js/frontend.js?ver=800website-loyalty-rewards/assets/css/checkout.css?ver=800website-loyalty-rewards/assets/js/checkout.js?ver=800website-loyalty-rewards/assets/css/admin.css?ver=800website-loyalty-rewards/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
lrwc-loyalty-app-wrapperlrwc-loyalty-points-balancelrwc-checkout-points-redemption-formlrwc-rewards-badgelrwc-my-account-loyalty-title
HTML Comments
<!-- 800Website Loyalty Rewards for WooCommerce --><!-- End 800Website Loyalty Rewards for WooCommerce -->
Data Attributes
data-lrwc-customer-iddata-lrwc-points-balancedata-lrwc-redeemable-pointsdata-lrwc-max-redemption-amount
JS Globals
lrwc_ajax_object
REST Endpoints
/wp-json/lrwc/v1/redeem_points/wp-json/lrwc/v1/get_points_balance
Shortcode Output
<div class='lrwc-loyalty-app-wrapper'><div class='lrwc-loyalty-staff-scanner-wrapper'>
FAQ

Frequently Asked Questions about 800Website Loyalty Rewards for WooCommerce