Gratisfaction- Contests Giveaways Referral Loyalty Rewards and Birthdays Program Security & Risk Analysis

wordpress.org/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav

All-in-One Loyalty + Giveaways + Contests + Competitions + Referral + Birthdays + Anniversaries App. No Coding. Easy DIY Setup.

50 active installs · v3.5.4 · PHP + WP 3.0.1+ · Updated Feb 24, 2026
Tags: black-friday, christmas, contest, giveaways, loyalty
Score: 100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never

Safety Verdict

Is Gratisfaction- Contests Giveaways Referral Loyalty Rewards and Birthdays Program Safe to Use in 2026?

Generally Safe

Score 100/100

Gratisfaction- Contests Giveaways Referral Loyalty Rewards and Birthdays Program has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago

Risk Assessment

The Gratisfaction Social Contests plugin shows a mixed security posture. While it demonstrates strengths in avoiding dangerous functions, raw SQL queries, and file operations, significant concerns arise from its unprotected entry points. A substantial number of AJAX handlers and REST API routes lack proper authentication and authorization checks, creating a large attack surface that could be exploited by unauthenticated users. The presence of unsanitized path flows in the taint analysis, even if not flagged as critical or high, warrants attention as it can sometimes lead to privilege escalation or information disclosure vulnerabilities. The plugin's history of no known vulnerabilities is a positive indicator, suggesting the developers may have a generally good security awareness, but this is overshadowed by the current static analysis findings. The plugin's strengths in data handling and lack of historical exploits are commendable, but the numerous unprotected entry points present a notable risk that needs immediate attention.

Key Concerns

  • Unprotected AJAX handlers
  • Unprotected REST API routes
  • Taint flows with unsanitized paths
  • Low output escaping coverage
Vulnerabilities
None known

Gratisfaction- Contests Giveaways Referral Loyalty Rewards and Birthdays Program Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Gratisfaction- Contests Giveaways Referral Loyalty Rewards and Birthdays Program Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 18 (36 escaped)
Nonce Checks: 1
Capability Checks: 3
File Operations: 0
External Requests: 11
Bundled Libraries: 0

Output Escaping

67% escaped · 54 total outputs

Data Flows
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
_getIPDetails (grappsmav.php:562)
Attack Surface
9 unprotected

Gratisfaction- Contests Giveaways Referral Loyalty Rewards and Birthdays Program Attack Surface

Entry Points: 11
Unprotected: 9

AJAX Handlers 4

auth · wp_ajax_create_gr_account · grappsmav.php:192
auth · wp_ajax_check_gr_settings · grappsmav.php:193
auth · wp_ajax_check_login · grappsmav.php:194
auth · wp_ajax_check_autologin · grappsmav.php:195

REST API Routes 6

POST · /wp-json/grwp/v1/getversion · includes\grwp-api.php:16
GET · /wp-json/grwp/v1/getPage · includes\grwp-api.php:23
GET · /wp-json/grwp/v1/addPage · includes\grwp-api.php:31
GET · /wp-json/grwp/v1/editPage · includes\grwp-api.php:39
GET · /wp-json/grwp/v1/deletePage · includes\grwp-api.php:47
GET · /wp-json/grwp/v1/resetInstallation · includes\grwp-api.php:55

Shortcodes 1

[gr-campaign] · grappsmav.php:905

WordPress Hooks 11

action · admin_init · grappsmav.php:55
action · admin_menu · grappsmav.php:56
action · wp_footer · grappsmav.php:57
action · admin_enqueue_scripts · grappsmav.php:58
action · plugins_loaded · grappsmav.php:60
action · rest_api_init · grappsmav.php:62
action · save_post · grappsmav.php:65
action · before_delete_post · grappsmav.php:66
action · upgrader_process_complete · grappsmav.php:69
action · comment_post · grappsmav.php:743
action · wp · grappsmav.php:744

Maintenance & Trust

Gratisfaction- Contests Giveaways Referral Loyalty Rewards and Birthdays Program Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 24, 2026
PHP min version
Downloads: 19K

Community Trust

Rating: 100/100
Number of ratings: 16
Active installs: 50

Developer Profile

Gratisfaction- Contests Giveaways Referral Loyalty Rewards and Birthdays Program Developer Profile

Apps Mav

4 plugins · 1K total installs

Trust score: 100
Avg Security Score: 100/100
Avg Patch Time: 3 days
Detection Fingerprints

How We Detect Gratisfaction- Contests Giveaways Referral Loyalty Rewards and Birthdays Program

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/css/theme.css
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/css/gr-frontend.css
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/css/gr-admin.css
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/js/gr-frontend.js
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/js/gr-admin.js
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/js/jquery.bootstrap.min.js
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/js/jquery.dataTables.min.js
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/js/jquery.validate.min.js
  • +1 more

Script Paths
  • //cdn.appsmav.com/gr/assets/js/gr-widget-sdk.js

Version Parameters
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/css/theme.css?ver=
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/css/gr-frontend.css?ver=
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/css/gr-admin.css?ver=
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/js/gr-frontend.js?ver=
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/js/gr-admin.js?ver=
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/js/jquery.bootstrap.min.js?ver=
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/js/jquery.dataTables.min.js?ver=
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/js/jquery.validate.min.js?ver=
  • /wp-content/plugins/gratisfaction-social-contests-referral-loyalty-rewards-program-by-appsmav/assets/js/bootstrap.bundle.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • gr-widget-wrapper
  • gr-frontend
  • gr-admin-wrapper
  • gr-form-group
  • gr-input-field
  • gr-button
  • gr-referral-link-section
  • gr-contest-section
  • +11 more

HTML Comments
  • <!-- Gratisfaction Widget Starts -->
  • <!-- Gratisfaction Widget Ends -->
  • <!-- AppsMav Gratisfaction Start -->
  • <!-- AppsMav Gratisfaction End -->
  • +7 more

Data Attributes
  • data-gr-widget-id
  • data-gr-app-id
  • data-gr-site-id
  • data-gr-action
  • data-gr-contest-id
  • data-gr-reward-id

JS Globals
  • gr_appsmav_frontend_data
  • gr_appsmav_admin_data
  • GratisfactionWidget

REST Endpoints
  • /wp-json/gratisfaction/v1/get_referral_link
  • /wp-json/gratisfaction/v1/submit_entry
  • /wp-json/gratisfaction/v1/claim_reward

Shortcode Output
  • [gratisfaction_referral_link]
  • [gratisfaction_contest]
  • [gratisfaction_rewards]
  • [gratisfaction_share]

FAQ

Frequently Asked Questions about Gratisfaction- Contests Giveaways Referral Loyalty Rewards and Birthdays Program