FavCRM for WooCommerce – Member Point Reward Solution Security & Risk Analysis

wordpress.org/plugins/favcrm-for-woocommerce

Enhances your store with a loyalty program: enables a member program, lets customers earn point rewards, and lets them redeem points as cash on their purchases.

0 active installs · v1.0.11 · PHP 7.1+ · WP 3.5.1+ · Updated Feb 13, 2025
Tags: loyalty-program, member, membership, reward-point, woocommerce

Security score: 92 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is FavCRM for WooCommerce – Member Point Reward Solution Safe to Use in 2026?

Generally Safe

Score 92/100

FavCRM for WooCommerce – Member Point Reward Solution has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1yr ago
Risk Assessment

The "favcrm-for-woocommerce" plugin, version 1.0.11, presents a mixed security posture. On the positive side, it demonstrates strong practices regarding SQL queries, exclusively using prepared statements, and a good proportion of its output is properly escaped, suggesting an effort to mitigate cross-site scripting vulnerabilities. The absence of known CVEs and a clean vulnerability history are also positive indicators, suggesting a generally well-maintained codebase or a lack of past public exploitation.

However, there are notable security concerns. The plugin exposes a significant attack surface with 50 entry points, and 6 of these are not protected by authentication or permission checks: one AJAX handler and five REST API routes lack proper authorization. Furthermore, the presence of a call to the dangerous `unserialize` function without evident sanitization or validation routines is a critical risk, as it can lead to remote code execution if fed malicious serialized data. The static analysis also reports file operations and external HTTP requests, which, combined with unprotected entry points, could be exploited.

While the plugin has strengths in SQL handling and output escaping, the presence of unprotected entry points and the `unserialize` function represent significant vulnerabilities that require immediate attention. The clean vulnerability history is encouraging but does not negate the immediate risks identified in the static analysis. A balanced approach is necessary, acknowledging the good practices while urgently addressing the identified security flaws.

Key Concerns

  • Unprotected AJAX handler
  • Unprotected REST API routes
  • Dangerous unserialize function
  • Low output escaping percentage
Vulnerabilities
None known

FavCRM for WooCommerce – Member Point Reward Solution Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

FavCRM for WooCommerce – Member Point Reward Solution Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 49 (226 escaped)
  • Nonce Checks: 5
  • Capability Checks: 20
  • File Operations: 3
  • External Requests: 4
  • Bundled Libraries: 0

Dangerous Functions Found

`unserialize` in includes\cmb2\includes\CMB2_Utils.php:571:

    $datetime = @unserialize( trim( $date_value ), array( 'allowed_classes' => array( 'DateTime' ) ) );

Output Escaping

82% escaped · 275 total outputs

Attack Surface
6 unprotected

FavCRM for WooCommerce – Member Point Reward Solution Attack Surface

Entry Points: 50
Unprotected: 6

AJAX Handlers 3

  • auth · wp_ajax_fav_sync_order · includes\class-favored.php:180
  • auth · wp_ajax_cmb2_oembed_handler · includes\cmb2\includes\CMB2_Ajax.php:51
  • nopriv · wp_ajax_cmb2_oembed_handler · includes\cmb2\includes\CMB2_Ajax.php:52

REST API Routes 45

  • POST /wp-json/fav/v1/company-signup · admin\class-favored-admin-routes.php:21
  • POST /wp-json/fav/v1/company-login · admin\class-favored-admin-routes.php:27
  • POST /wp-json/fav/v1/company-logout · admin\class-favored-admin-routes.php:33
  • GET /wp-json/fav/v1/dashboard · admin\class-favored-admin-routes.php:39
  • GET /wp-json/fav/v1/announcements · admin\class-favored-admin-routes.php:45
  • GET /wp-json/fav/v1/update-notice · admin\class-favored-admin-routes.php:51
  • GET /wp-json/fav/v1/settings · admin\class-favored-admin-routes.php:57
  • POST /wp-json/fav/v1/settings · admin\class-favored-admin-routes.php:63
  • GET /wp-json/fav/v1/settings/access-control · admin\class-favored-admin-routes.php:69
  • POST /wp-json/fav/v1/settings/access-control · admin\class-favored-admin-routes.php:75
  • GET /wp-json/fav/v1/permissions-check · admin\class-favored-admin-routes.php:81
  • GET /wp-json/fav/v1/members · admin\class-favored-admin-routes.php:87
  • GET /wp-json/fav/v1/members/(?P<uuid>[\W\w]+) · admin\class-favored-admin-routes.php:93
  • POST /wp-json/fav/v1/members · admin\class-favored-admin-routes.php:99
  • PATCH /wp-json/fav/v1/members/(?P<uuid>[\W\w]+) · admin\class-favored-admin-routes.php:105
  • DELETE /wp-json/fav/v1/members/(?P<uuid>[\W\w]+) · admin\class-favored-admin-routes.php:111
  • GET /wp-json/fav/v1/membership-tiers · admin\class-favored-admin-routes.php:117
  • POST /wp-json/fav/v1/membership-tiers · admin\class-favored-admin-routes.php:123
  • GET /wp-json/fav/v1/membership-tiers/(?P<id>[\W\w]+) · admin\class-favored-admin-routes.php:129
  • PATCH /wp-json/fav/v1/membership-tiers/(?P<id>[\W\w]+) · admin\class-favored-admin-routes.php:135
  • DELETE /wp-json/fav/v1/membership-tiers/(?P<id>[\W\w]+) · admin\class-favored-admin-routes.php:141
  • GET /wp-json/fav/v1/reward-transactions · admin\class-favored-admin-routes.php:147
  • GET /wp-json/fav/v1/reward-schemes · admin\class-favored-admin-routes.php:153
  • GET /wp-json/fav/v1/reward-schemes/(?P<id>[\W\w]+) · admin\class-favored-admin-routes.php:159
  • POST /wp-json/fav/v1/reward-schemes · admin\class-favored-admin-routes.php:165
  • PATCH /wp-json/fav/v1/reward-schemes/(?P<id>[\W\w]+) · admin\class-favored-admin-routes.php:171
  • DELETE /wp-json/fav/v1/reward-schemes/(?P<id>[\W\w]+) · admin\class-favored-admin-routes.php:177
  • GET /wp-json/fav/v1/gift-offers · admin\class-favored-admin-routes.php:183
  • GET /wp-json/fav/v1/gift-offers/(?P<id>[\W\w]+) · admin\class-favored-admin-routes.php:189
  • POST /wp-json/fav/v1/gift-offers · admin\class-favored-admin-routes.php:195
  • POST /wp-json/fav/v1/gift-offers/(?P<id>[\W\w]+) · admin\class-favored-admin-routes.php:201
  • DELETE /wp-json/fav/v1/gift-offers/(?P<id>[\W\w]+) · admin\class-favored-admin-routes.php:207
  • GET /wp-json/fav/v1/subscription · admin\class-favored-admin-routes.php:213
  • GET /wp-json/fav/v1/subscription-plans · admin\class-favored-admin-routes.php:219
  • POST /wp-json/fav/v1/change-subscription-plan · admin\class-favored-admin-routes.php:225
  • GET /wp-json/fav/v1/my-member-profile · public\class-favored-public-routes.php:13
  • GET /wp-json/fav/v1/my-reward-schemes · public\class-favored-public-routes.php:19
  • GET /wp-json/fav/v1/my-gift-offers · public\class-favored-public-routes.php:25
  • GET /wp-json/fav/v1/my-activities · public\class-favored-public-routes.php:31
  • GET /wp-json/fav/v1/site · public\class-favored-public-routes.php:37
  • POST /wp-json/fav/v1/reward-redemptions · public\class-favored-public-routes.php:43
  • GET /wp-json/fav/v1/my-rewards · public\class-favored-public-routes.php:49
  • POST /wp-json/fav/v1/login · public\class-favored-public-routes.php:55
  • POST /wp-json/fav/v1/register · public\class-favored-public-routes.php:61
  • POST /wp-json/fav/v1/logout · public\class-favored-public-routes.php:67

Shortcodes 2

  • [fav-register] · admin\class-favored-admin.php:186
  • [fav-login] · admin\class-favored-admin.php:190

WordPress Hooks 72

  • action admin_enqueue_scripts · includes\class-favored.php:150
  • action init · includes\class-favored.php:151
  • action init · includes\class-favored.php:166
  • action admin_enqueue_scripts · includes\class-favored.php:167
  • action admin_enqueue_scripts · includes\class-favored.php:168
  • action rest_api_init · includes\class-favored.php:170
  • action admin_menu · includes\class-favored.php:171
  • action cmb2_admin_init · includes\class-favored.php:172
  • action woocommerce_order_status_changed · includes\class-favored.php:173
  • action woocommerce_new_order · includes\class-favored.php:174
  • action current_screen · includes\class-favored.php:175
  • action admin_notices · includes\class-favored.php:176
  • action add_meta_boxes · includes\class-favored.php:177
  • filter manage_woocommerce_page_wc-orders_columns · includes\class-favored.php:178
  • action manage_woocommerce_page_wc-orders_custom_column · includes\class-favored.php:179
  • action wp_enqueue_scripts · includes\class-favored.php:195
  • action wp_enqueue_scripts · includes\class-favored.php:196
  • action rest_api_init · includes\class-favored.php:198
  • action init · includes\class-favored.php:199
  • action init · includes\class-favored.php:200
  • action wp_footer · includes\class-favored.php:201
  • action woocommerce_cart_calculate_fees · includes\class-favored.php:202
  • action woocommerce_cart_calculate_fees · includes\class-favored.php:203
  • action woocommerce_blocks_loaded · includes\class-favored.php:204
  • action init · includes\class-favored.php:206
  • action woocommerce_blocks_checkout_block_registration · includes\class-favored.php:220
  • action cmb2_admin_init · includes\cmb2\example-functions.php:105
  • action cmb2_admin_init · includes\cmb2\example-functions.php:470
  • action cmb2_admin_init · includes\cmb2\example-functions.php:500
  • action cmb2_admin_init · includes\cmb2\example-functions.php:564
  • action cmb2_admin_init · includes\cmb2\example-functions.php:633
  • action cmb2_admin_init · includes\cmb2\example-functions.php:674
  • action cmb2_init · includes\cmb2\example-functions.php:777
  • action cmb2_save_options-page_fields · includes\cmb2\includes\CMB2_Ajax.php:54
  • filter get_post_metadata · includes\cmb2\includes\CMB2_Ajax.php:147
  • filter update_post_metadata · includes\cmb2\includes\CMB2_Ajax.php:150
  • filter cmb2_show_on · includes\cmb2\includes\CMB2_Hookup.php:79
  • action edit_form_top · includes\cmb2\includes\CMB2_Hookup.php:118
  • action edit_form_before_permalink · includes\cmb2\includes\CMB2_Hookup.php:122
  • action edit_form_after_title · includes\cmb2\includes\CMB2_Hookup.php:126
  • action edit_form_after_editor · includes\cmb2\includes\CMB2_Hookup.php:130
  • action add_meta_boxes · includes\cmb2\includes\CMB2_Hookup.php:134
  • action add_meta_boxes · includes\cmb2\includes\CMB2_Hookup.php:137
  • action add_attachment · includes\cmb2\includes\CMB2_Hookup.php:138
  • action edit_attachment · includes\cmb2\includes\CMB2_Hookup.php:139
  • action save_post · includes\cmb2\includes\CMB2_Hookup.php:140
  • action pre_get_posts · includes\cmb2\includes\CMB2_Hookup.php:147
  • action add_meta_boxes_comment · includes\cmb2\includes\CMB2_Hookup.php:155
  • action edit_comment · includes\cmb2\includes\CMB2_Hookup.php:156
  • filter manage_edit-comments_columns · includes\cmb2\includes\CMB2_Hookup.php:159
  • action manage_comments_custom_column · includes\cmb2\includes\CMB2_Hookup.php:160
  • filter manage_edit-comments_sortable_columns · includes\cmb2\includes\CMB2_Hookup.php:161
  • action pre_get_posts · includes\cmb2\includes\CMB2_Hookup.php:162
  • action show_user_profile · includes\cmb2\includes\CMB2_Hookup.php:171
  • action edit_user_profile · includes\cmb2\includes\CMB2_Hookup.php:172
  • action user_new_form · includes\cmb2\includes\CMB2_Hookup.php:173
  • action personal_options_update · includes\cmb2\includes\CMB2_Hookup.php:175
  • action edit_user_profile_update · includes\cmb2\includes\CMB2_Hookup.php:176
  • action user_register · includes\cmb2\includes\CMB2_Hookup.php:177
  • filter manage_users_columns · includes\cmb2\includes\CMB2_Hookup.php:180
  • filter manage_users_custom_column · includes\cmb2\includes\CMB2_Hookup.php:181
  • filter manage_users_sortable_columns · includes\cmb2\includes\CMB2_Hookup.php:182
  • action pre_get_posts · includes\cmb2\includes\CMB2_Hookup.php:183
  • action pre_get_posts · includes\cmb2\includes\CMB2_Hookup.php:229
  • action created_term · includes\cmb2\includes\CMB2_Hookup.php:233
  • action edited_terms · includes\cmb2\includes\CMB2_Hookup.php:234
  • action delete_term · includes\cmb2\includes\CMB2_Hookup.php:235
  • filter wp_prepare_attachment_for_js · includes\cmb2\includes\CMB2_Hookup_Field.php:54
  • action admin_enqueue_scripts · includes\cmb2\includes\CMB2_Hookup_Field.php:71
  • action cmb2_do_oembed · includes\cmb2\includes\helper-functions.php:131
  • filter is_protected_meta · includes\cmb2\includes\rest-api\CMB2_REST.php:144
  • action init · includes\cmb2\init.php:131

Maintenance & Trust

FavCRM for WooCommerce – Member Point Reward Solution Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Feb 13, 2025
PHP min version: 7.1
Downloads: 695

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0

Developer Profile

FavCRM for WooCommerce – Member Point Reward Solution Developer Profile

Chris Chiang

1 plugin · 0 total installs

Trust score: 88
Avg Security Score: 92/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect FavCRM for WooCommerce – Member Point Reward Solution

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/favcrm-for-woocommerce/assets/css/admin.css
  • /wp-content/plugins/favcrm-for-woocommerce/assets/js/admin.js
Script Paths
  • /wp-content/plugins/favcrm-for-woocommerce/assets/js/admin.js
Version Parameters
  • favcrm-for-woocommerce/assets/css/admin.css?ver=
  • favcrm-for-woocommerce/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • favcrm-admin-wrapper
  • favcrm-menu-item
HTML Comments
  • <!-- FavCRM Admin Page -->
  • <!-- End FavCRM Admin Page -->
  • <!-- FavCRM Menu Item -->
Data Attributes
  • data-favcrm-customer-id
  • data-favcrm-order-id
JS Globals
  • favcrm_admin_ajax_object
REST Endpoints
  • /wp-json/favcrm/v1/get_customer_data
  • /wp-json/favcrm/v1/get_order_data
Shortcode Output
  • [favcrm_customer_details]
  • [favcrm_order_history]

FAQ

Frequently Asked Questions about FavCRM for WooCommerce – Member Point Reward Solution