EchoRewards — Refer-a-Friend & Referral Program for WooCommerce Security & Risk Analysis

wordpress.org/plugins/echo-rewards

Create a WooCommerce refer-a-friend program. Generate coupons, reward customers, and run a customer referral program for your store.

300 active installs · v2.6.2 · PHP 7.4+ · WP 5.0+ · Updated Apr 1, 2026
Tags: coupon, refer-a-friend, referral, referral-program, rewards
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is EchoRewards — Refer-a-Friend & Referral Program for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

EchoRewards — Refer-a-Friend & Referral Program for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "echo-rewards" plugin v2.6.1 exhibits a generally good security posture, with a significant portion of its SQL queries utilizing prepared statements and a high percentage of output being properly escaped. The absence of known CVEs and unpatched vulnerabilities in its history is a strong positive indicator. However, the static analysis reveals potential areas of concern. The presence of 5 unsanitized paths in the taint analysis, with 4 classified as high severity, is a significant red flag and suggests potential vulnerabilities that could be exploited if input is not properly validated or sanitized before being used in sensitive operations. While the plugin has a substantial attack surface of 47 entry points, it's reassuring that all are reported to have authorization checks. The bundled Select2 library, while common, could also be a potential vector for vulnerabilities if it's an outdated version, though this is not explicitly stated.

Key Concerns

  • High severity unsanitized taint flows
  • Bundled library (potential for outdated version)
Vulnerabilities
None known

EchoRewards — Refer-a-Friend & Referral Program for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

EchoRewards — Refer-a-Friend & Referral Program for WooCommerce Release Timeline

v2.6.2 (Current)
v2.6.1
v2.6.0
v2.5.9
v2.5.8
v2.5.7
v2.5.6
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.0
v2.3.0
v2.2.1
v2.2.0
v2.1.4
v2.1.3
v2.1.2
Code Analysis
Analyzed Mar 16, 2026

EchoRewards — Refer-a-Friend & Referral Program for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 23 (143 prepared)
Unescaped Output: 23 (306 escaped)
Nonce Checks: 38
Capability Checks: 7
File Operations: 0
External Requests: 3
Bundled Libraries: 1

Bundled Libraries

Select2

SQL Query Safety

86% prepared · 166 total queries

Output Escaping

93% escaped · 329 total outputs
Data Flows · Security
5 unsanitized

Data Flow Analysis

9 flows · 5 with unsanitized paths
manage_notices (includes\Ecre_Ajax.php:471)
Attack Surface

EchoRewards — Refer-a-Friend & Referral Program for WooCommerce Attack Surface

Entry Points: 47
Unprotected: 0

AJAX Handlers 43

auth wp_ajax_ecre_notice_action includes\Ecre_Ajax.php:51
nopriv wp_ajax_ecre_notice_action includes\Ecre_Ajax.php:52
auth wp_ajax_ecre_save_settings includes\Ecre_Ajax.php:53
auth wp_ajax_ecre_fetch_settings includes\Ecre_Ajax.php:54
nopriv wp_ajax_ecre_fetch_settings includes\Ecre_Ajax.php:55
auth wp_ajax_ecre_fetch_referral_coupon includes\Ecre_Ajax.php:56
nopriv wp_ajax_ecre_fetch_referral_coupon includes\Ecre_Ajax.php:57
auth wp_ajax_ecre_fetch_invite_coupons includes\Ecre_Ajax.php:58
nopriv wp_ajax_ecre_fetch_invite_coupons includes\Ecre_Ajax.php:59
auth wp_ajax_ecre_send_invite_email includes\Ecre_Ajax.php:60
nopriv wp_ajax_ecre_send_invite_email includes\Ecre_Ajax.php:61
auth wp_ajax_fetch_products_and_categories includes\Ecre_Ajax.php:62
nopriv wp_ajax_fetch_products_and_categories includes\Ecre_Ajax.php:63
auth wp_ajax_ecre_fetch_reward_coupons includes\Ecre_Ajax.php:64
nopriv wp_ajax_ecre_fetch_reward_coupons includes\Ecre_Ajax.php:65
auth wp_ajax_ecre_fetch_reward_points includes\Ecre_Ajax.php:66
nopriv wp_ajax_ecre_fetch_reward_points includes\Ecre_Ajax.php:67
auth wp_ajax_fetch_wp_pages includes\Ecre_Ajax.php:68
auth wp_ajax_fetch_wp_pages includes\Ecre_Ajax.php:69
auth wp_ajax_get_chart_data includes\Ecre_Ajax.php:70
nopriv wp_ajax_get_chart_data includes\Ecre_Ajax.php:71
auth wp_ajax_install_activate_woocommerce includes\Ecre_Ajax.php:72
auth wp_ajax_activate_woocommerce includes\Ecre_Ajax.php:73
auth wp_ajax_ecre_fetch_referrers includes\Ecre_Ajax.php:75
auth wp_ajax_ecre_fetch_dashboard_summary includes\Ecre_Ajax.php:76
auth wp_ajax_ecre_fetch_referrer_dashboard includes\Ecre_Ajax.php:77
auth wp_ajax_ecre_fetch_referrer_history includes\Ecre_Ajax.php:78
auth wp_ajax_ecre_fetch_referrer_reward_coupons includes\Ecre_Ajax.php:80
auth wp_ajax_ecre_fetch_referrer_reward_points includes\Ecre_Ajax.php:81
auth wp_ajax_ecre_fetch_user_points_summary includes\Ecre_Ajax.php:83
auth wp_ajax_ecre_save_user_reward_settings includes\Ecre_Ajax.php:86
auth wp_ajax_ecre_fetch_user_reward_settings includes\Ecre_Ajax.php:87
auth wp_ajax_ecre_reset_user_reward_settings includes\Ecre_Ajax.php:88
auth wp_ajax_ecre_issue_reward_points includes\Ecre_Ajax.php:89
auth wp_ajax_ecre_issue_reward_coupon includes\Ecre_Ajax.php:91
auth wp_ajax_ecre_check_update_progress includes\Ecre_Ajax.php:92
auth wp_ajax_ecre_check_migration_needed includes\Ecre_Migration_Handler.php:59
auth wp_ajax_ecre_start_migration includes\Ecre_Migration_Handler.php:60
auth wp_ajax_ecre_get_migration_progress includes\Ecre_Migration_Handler.php:61
auth wp_ajax_ecre_pause_migration includes\Ecre_Migration_Handler.php:62
auth wp_ajax_ecre_resume_migration includes\Ecre_Migration_Handler.php:63
auth wp_ajax_ecre_cancel_migration includes\Ecre_Migration_Handler.php:64
auth wp_ajax_ecre_dismiss_migration_notice includes\Ecre_Migration_Handler.php:65

Shortcodes 4

[ecre-referral-card] includes\Ecre_Shortcodes.php:37
[ecre-email-invite] includes\Ecre_Shortcodes.php:38
[ecre-reward-coupons-table] includes\Ecre_Shortcodes.php:39
[ecre-invitation-tracking-table] includes\Ecre_Shortcodes.php:40

WordPress Hooks 72

filter manage_edit-shop_coupon_columns includes\Admin\Ecre_Coupon_Columns.php:28
action manage_shop_coupon_posts_custom_column includes\Admin\Ecre_Coupon_Columns.php:29
action admin_menu includes\Admin\Ecre_Menu.php:46
filter submenu_file includes\Admin\Ecre_Menu.php:52
filter woocommerce_shop_order_list_table_columns includes\Admin\Ecre_Orders_Column.php:36
action woocommerce_shop_order_list_table_custom_column includes\Admin\Ecre_Orders_Column.php:37
filter woocommerce_shop_order_list_table_sortable_columns includes\Admin\Ecre_Orders_Column.php:38
action woocommerce_order_list_table_restrict_manage_orders includes\Admin\Ecre_Orders_Filter.php:43
action restrict_manage_posts includes\Admin\Ecre_Orders_Filter.php:45
filter woocommerce_orders_table_query_clauses includes\Admin\Ecre_Orders_Filter.php:47
action pre_get_posts includes\Admin\Ecre_Orders_Filter.php:48
action switch_theme includes\Appsero\Insights.php:139
action switch_theme includes\Appsero\Insights.php:140
action admin_footer includes\Appsero\Insights.php:151
action admin_notices includes\Appsero\Insights.php:167
action admin_init includes\Appsero\Insights.php:170
filter cron_schedules includes\Appsero\Insights.php:176
action admin_menu includes\Appsero\License.php:223
action after_switch_theme includes\Appsero\License.php:785
action switch_theme includes\Appsero\License.php:786
action admin_notices includes\ecre-class-base.php:125
action init includes\ecre-class-base.php:128
action init includes\ecre-class-base.php:129
filter plugin_action_links includes\ecre-class-base.php:131
action admin_init includes\ecre-class-base.php:134
action init includes\ecre-class-base.php:135
action admin_notices includes\ecre-class-base.php:195
action woocommerce_email_classes includes\Ecre_Admin.php:50
action admin_init includes\Ecre_Admin.php:52
action admin_notices includes\Ecre_Admin.php:87
action all_admin_notices includes\Ecre_Admin.php:88
action rest_api_init includes\Ecre_API.php:33
action admin_enqueue_scripts includes\Ecre_Assets.php:39
action wp_enqueue_scripts includes\Ecre_Assets.php:41
action ecre_background_update_coupons includes\Ecre_Background_Processor.php:24
action woocommerce_update_coupon includes\Ecre_Coupon_Sync_Handler.php:44
action woocommerce_new_coupon includes\Ecre_Coupon_Sync_Handler.php:47
action ecre_process_migration_batch includes\Ecre_Migration_Handler.php:68
action admin_notices includes\Ecre_Notice.php:42
action admin_notices includes\Ecre_Notice.php:56
action admin_notices includes\Ecre_Notice.php:80
action woocommerce_order_status_changed includes\Ecre_Order_Tracking.php:70
action ecre_reward_scheduled includes\Ecre_Order_Tracking.php:71
action woocommerce_admin_order_data_after_order_details includes\Ecre_Order_Tracking.php:72
action template_redirect includes\Ecre_ReferralLink.php:32
action woocommerce_add_to_cart includes\Ecre_ReferralLink.php:33
action woocommerce_thankyou includes\Ecre_ReferralLink.php:34
action admin_init includes\Ecre_Tables.php:42
filter woocommerce_cart_totals_coupon_html includes\Frontend\Ecre_Coupon_Tracking.php:50
filter woocommerce_coupon_is_valid includes\Frontend\Ecre_Coupon_Tracking.php:51
action woocommerce_checkout_order_processed includes\Frontend\Ecre_Coupon_Tracking.php:52
action woocommerce_store_api_checkout_order_processed includes\Frontend\Ecre_Coupon_Tracking.php:53
filter woocommerce_coupon_error includes\Frontend\Ecre_Coupon_Tracking.php:111
filter woocommerce_coupon_error includes\Frontend\Ecre_Coupon_Tracking.php:142
filter woocommerce_coupon_error includes\Frontend\Ecre_Coupon_Tracking.php:166
filter woocommerce_coupon_error includes\Frontend\Ecre_Coupon_Tracking.php:181
filter woocommerce_coupon_error includes\Frontend\Ecre_Coupon_Tracking.php:206
filter woocommerce_coupon_error includes\Frontend\Ecre_Coupon_Tracking.php:238
filter woocommerce_coupon_error includes\Frontend\Ecre_Coupon_Tracking.php:251
filter woocommerce_coupon_error includes\Frontend\Ecre_Coupon_Tracking.php:289
filter woocommerce_coupon_error includes\Frontend\Ecre_Coupon_Tracking.php:311
filter query_vars includes\Frontend\Ecre_MyAccount_Menu.php:58
filter woocommerce_account_menu_items includes\Frontend\Ecre_MyAccount_Menu.php:59
filter woocommerce_product_tabs includes\Frontend\Ecre_Single_Product_Tab.php:43
action admin_enqueue_scripts includes\wppool\class-plugin.php:294
action admin_footer includes\wppool\class-plugin.php:295
action elementor/editor/after_enqueue_scripts includes\wppool\class-plugin.php:298
action elementor/editor/header includes\wppool\class-plugin.php:299
filter wppool_plugins includes\wppool\class-plugin.php:1281
filter wppool_plugins includes\wppool\class-plugin.php:1319
filter appsero_is_local includes\wppool\class-plugin.php:1333
action plugins_loaded includes\wppool\class-plugin.php:1336

Scheduled Events 5

ecre_process_migration_batch
ecre_process_migration_batch
ecre_process_migration_batch
ecre_process_migration_batch
ecre_reward_scheduled
Maintenance & Trust

EchoRewards — Refer-a-Friend & Referral Program for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 1, 2026
PHP min version: 7.4
Downloads: 10K

Community Trust

Rating: 78/100
Number of ratings: 8
Active installs: 300
Developer Profile

EchoRewards — Refer-a-Friend & Referral Program for WooCommerce Developer Profile

WPPOOL

16 plugins · 32K total installs

Trust score: 78
Avg Security Score: 98/100
Avg Patch Time: 322 days
Detection Fingerprints

How We Detect EchoRewards — Refer-a-Friend & Referral Program for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/echo-rewards/assets/css/fonts.css
/wp-content/plugins/echo-rewards/build/admin_main.build.js
/wp-content/plugins/echo-rewards/assets/js/sizzle.min.js
/wp-content/plugins/echo-rewards/build/admin.build.css
/wp-content/plugins/echo-rewards/assets/css/admin.css
/wp-content/plugins/echo-rewards/assets/css/fonts.css
/wp-content/plugins/echo-rewards/build/frontend_main.build.js
/wp-content/plugins/echo-rewards/assets/js/sizzle.min.js
Script Paths
/wp-content/plugins/echo-rewards/build/admin_main.build.js
/wp-content/plugins/echo-rewards/assets/js/sizzle.min.js
/wp-content/plugins/echo-rewards/build/frontend_main.build.js
/wp-content/plugins/echo-rewards/assets/js/sizzle.min.js
Version Parameters
echo-rewards/assets/css/fonts.css?ver=
echo-rewards/build/admin_main.build.js?ver=
echo-rewards/assets/js/sizzle.min.js?ver=
echo-rewards/build/admin.build.css?ver=
echo-rewards/assets/css/admin.css?ver=
echo-rewards/assets/css/fonts.css?ver=
echo-rewards/build/frontend_main.build.js?ver=
echo-rewards/assets/js/sizzle.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
ecre-admin-menu
Data Attributes
data-ecre-user-id
JS Globals
ecreAdmin
ecreFrontend