WP-Safety

Easy Loyalty Points and Rewards for WooCommerce Security & Risk Analysis

wordpress.org/plugins/easy-loyalty-points-and-rewards-for-woocommerce

A lightweight, easy to use customer loyalty system for WooCommerce.

400 active installs v1.4.0 PHP 7.3+ WP 5.8+ Updated Oct 26, 2023
loyaltypointspoints-and-rewardsrewardswoocommerce
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Easy Loyalty Points and Rewards for WooCommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Easy Loyalty Points and Rewards for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago
Risk Assessment

The plugin "easy-loyalty-points-and-rewards-for-woocommerce" v1.4.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices in several areas, including a high percentage of SQL queries using prepared statements and a substantial majority of outputs being properly escaped. The absence of dangerous functions, file operations, and external HTTP requests further strengthens its security profile. Additionally, there is no recorded vulnerability history, which suggests a history of stable and secure development.

However, a significant concern arises from the presence of one unprotected AJAX handler, which represents a direct entry point into the plugin without authentication checks. The taint analysis also reveals two flows with unsanitized paths, one of which is rated as high severity. This indicates a potential for attackers to exploit these paths to inject malicious data or execute unintended actions within the WordPress environment. While the overall vulnerability history is clean, these specific code analysis findings highlight areas that require immediate attention.

In conclusion, the plugin has a solid foundation with good coding practices in place. Nevertheless, the unprotected AJAX handler and the high-severity unsanitized taint flows introduce critical security risks that could be leveraged by attackers. Addressing these specific issues should be the highest priority to improve the plugin's overall security.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized taint flow
  • Unsanitized taint flow (x1)
Vulnerabilities
None known

Easy Loyalty Points and Rewards for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Easy Loyalty Points and Rewards for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
4
21 prepared
Unescaped Output
25
189 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
0
Bundled Libraries
0

SQL Query Safety

84% prepared25 total queries

Output Escaping

88% escaped214 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
search_box (includes\class-nujo-reward-points-wp-list-table.php:346)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Easy Loyalty Points and Rewards for WooCommerce Attack Surface

Entry Points1
Unprotected1

AJAX Handlers 1

authwp_ajax_nrp_update_balanceincludes\class-nujo-reward-points.php:185
WordPress Hooks 35
actionadmin_footerincludes\class-nujo-reward-points-wp-list-table.php:164
actionplugins_loadedincludes\class-nujo-reward-points.php:152
actionwp_loadedincludes\class-nujo-reward-points.php:168
actionwp_loadedincludes\class-nujo-reward-points.php:171
actionadmin_enqueue_scriptsincludes\class-nujo-reward-points.php:174
actionadmin_enqueue_scriptsincludes\class-nujo-reward-points.php:175
filterplugin_action_links_easy-loyalty-points-and-rewards-for-woocommerce/easy-loyalty-points-and-rewards-for-woocommerce.phpincludes\class-nujo-reward-points.php:178
actionadmin_menuincludes\class-nujo-reward-points.php:181
actionadmin_initincludes\class-nujo-reward-points.php:182
actionadd_meta_boxesincludes\class-nujo-reward-points.php:188
actionupdate_option_nrp_earning_ratioincludes\class-nujo-reward-points.php:191
actionupdate_option_nrp_redemption_ratioincludes\class-nujo-reward-points.php:192
filterwoocommerce_hidden_order_itemmetaincludes\class-nujo-reward-points.php:195
actionwp_enqueue_scriptsincludes\class-nujo-reward-points.php:211
actionwp_enqueue_scriptsincludes\class-nujo-reward-points.php:212
actionwoocommerce_before_add_to_cart_buttonincludes\class-nujo-reward-points.php:215
filterwoocommerce_get_item_dataincludes\class-nujo-reward-points.php:216
actionwoocommerce_checkout_create_order_line_itemincludes\class-nujo-reward-points.php:217
actionwoocommerce_checkout_create_orderincludes\class-nujo-reward-points.php:218
actionwoocommerce_order_status_changedincludes\class-nujo-reward-points.php:219
filterwoocommerce_get_shop_coupon_dataincludes\class-nujo-reward-points.php:222
filterwoocommerce_before_calculate_totalsincludes\class-nujo-reward-points.php:223
filterwoocommerce_cart_totals_coupon_labelincludes\class-nujo-reward-points.php:224
actionwoocommerce_checkout_order_processedincludes\class-nujo-reward-points.php:225
filterwoocommerce_before_calculate_totalsincludes\class-nujo-reward-points.php:228
actionwoocommerce_before_cartincludes\class-nujo-reward-points.php:229
actionwoocommerce_before_checkout_formincludes\class-nujo-reward-points.php:230
actionwoocommerce_before_cartincludes\class-nujo-reward-points.php:231
actionwoocommerce_before_checkout_formincludes\class-nujo-reward-points.php:232
actionuser_registerincludes\class-nujo-reward-points.php:235
actionprofile_updateincludes\class-nujo-reward-points.php:236
actioninitincludes\class-nujo-reward-points.php:239
filterquery_varsincludes\class-nujo-reward-points.php:240
filterwoocommerce_account_menu_itemsincludes\class-nujo-reward-points.php:241
actionwoocommerce_account_nrp-points_endpointincludes\class-nujo-reward-points.php:242
Maintenance & Trust

Easy Loyalty Points and Rewards for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8
Last updatedOct 26, 2023
PHP min version7.3
Downloads6K

Community Trust

Rating90/100
Number of ratings11
Active installs400
Alternatives

Easy Loyalty Points and Rewards for WooCommerce Alternatives

Simple Points and Rewards for WooCommerce – Create a Loyalty Program

Simple Points and Rewards for WooCommerce – Create a Loyalty Program

simple-points-and-rewards

A
100

WooCommerce Points and Rewards plugin. Create a simple but powerful loyalty program. Reward purchases, referrals, and much more.

100 No CVEs
HostPlugin – WooCommerce Points & Rewards

HostPlugin – WooCommerce Points & Rewards

hostplugin-woocommerce-points-and-rewards

A
85

Reward your loyal customers for purchases and other actions using points which can be redeemed for discounts on future purchase.

50 No CVEs
LoyaltyX – Points and Rewards for WooCommerce – Build Customer Loyalty Program and Reward Purchases

LoyaltyX – Points and Rewards for WooCommerce – Build Customer Loyalty Program and Reward Purchases

loyaltyx-points-and-rewards-for-woocommerce

A
100

Add a WooCommerce points and rewards program to your store. Customers earn points on every purchase and redeem them for discounts on cart & checkout.

10 No CVEs
Points and Rewards for WooCommerce – Create Loyalty Programs, Reward Customer Purchases, User Badges, Gamification

Points and Rewards for WooCommerce – Create Loyalty Programs, Reward Customer Purchases, User Badges, Gamification

points-and-rewards-for-woocommerce

A
96

Points and Rewards for WooCommerce offer a reward for points to your customers for their activities & increase customer loyalty.

7K 3 CVEs
myCred Toolkit – Ultimate myCred Modules To Support WordPress Gamification and Loyalty Rewards

myCred Toolkit – Ultimate myCred Modules To Support WordPress Gamification and Loyalty Rewards

mycred-toolkit

A
100

A bag of myCred addons for user engagement through WordPress & WooCommerce gamification. Get multiple free add-ons with one point rewards system.

400 No CVEs
Developer Profile

Easy Loyalty Points and Rewards for WooCommerce Developer Profile

Nujo Plugins

1 plugin · 400 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Easy Loyalty Points and Rewards for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/easy-loyalty-points-and-rewards-for-woocommerce/admin/css/nujo-reward-points-admin.css/wp-content/plugins/easy-loyalty-points-and-rewards-for-woocommerce/admin/js/nujo-reward-points-admin.js/wp-content/plugins/easy-loyalty-points-and-rewards-for-woocommerce/includes/js/customizer.js/wp-content/plugins/easy-loyalty-points-and-rewards-for-woocommerce/public/css/easy-loyalty-points-and-rewards-for-woocommerce.css/wp-content/plugins/easy-loyalty-points-and-rewards-for-woocommerce/public/js/easy-loyalty-points-and-rewards-for-woocommerce.js
Script Paths
/wp-content/plugins/easy-loyalty-points-and-rewards-for-woocommerce/admin/js/nujo-reward-points-admin.js/wp-content/plugins/easy-loyalty-points-and-rewards-for-woocommerce/includes/js/customizer.js/wp-content/plugins/easy-loyalty-points-and-rewards-for-woocommerce/public/js/easy-loyalty-points-and-rewards-for-woocommerce.js
Version Parameters
/wp-content/plugins/easy-loyalty-points-and-rewards-for-woocommerce/admin/css/nujo-reward-points-admin.css?ver=/wp-content/plugins/easy-loyalty-points-and-rewards-for-woocommerce/admin/js/nujo-reward-points-admin.js?ver=/wp-content/plugins/easy-loyalty-points-and-rewards-for-woocommerce/includes/js/customizer.js?ver=/wp-content/plugins/easy-loyalty-points-and-rewards-for-woocommerce/public/css/easy-loyalty-points-and-rewards-for-woocommerce.css?ver=/wp-content/plugins/easy-loyalty-points-and-rewards-for-woocommerce/public/js/easy-loyalty-points-and-rewards-for-woocommerce.js?ver=

HTML / DOM Fingerprints

CSS Classes
nrp-woo-rewards
HTML Comments
<!-- Easy Loyalty Points and Rewards for WooCommerce -->
JS Globals
nrp_ajax_var
FAQ

Frequently Asked Questions about Easy Loyalty Points and Rewards for WooCommerce