
Loya Pay Security & Risk Analysis
wordpress.org/plugins/loya-pay
Give your customers 5% instant cashback and 1% referral rewards with Loya Pay.
Is Loya Pay Safe to Use in 2026?
Generally Safe
Score 100/100
Loya Pay has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin "loya-pay" v2.0.2 exhibits a generally good security posture with several positive indicators. The static analysis reveals no critical code signals like dangerous functions or unsanitized taint flows. All output is properly escaped, and file operations and external HTTP requests, while present, are not immediately flagged as issues without further context. The plugin also demonstrates good practice by including capability checks and not bundling external libraries, which can often be a source of vulnerabilities.
However, there are a few areas of concern that prevent a perfect score. The presence of two SQL queries that do not use prepared statements is a significant risk. This makes the plugin vulnerable to SQL injection attacks if the data used in these queries is not meticulously sanitized. Additionally, the complete lack of nonce checks, while not directly tied to an exposed AJAX or REST API endpoint in this specific analysis, is a missed security control. Nonces are a fundamental defense against CSRF attacks, and their absence leaves potential for future vulnerabilities if new endpoints are introduced without proper protection.
With no recorded vulnerabilities (CVEs) and a clean taint analysis, the plugin has no history of known security issues, which suggests the developers are generally mindful of security. Nevertheless, the unprepared SQL queries and the missing nonce checks are concrete, evidence-backed risks that warrant attention. The plugin's strengths are its proper output escaping and limited attack surface; the SQL and nonce weaknesses are its notable gaps.
Key Concerns
- SQL queries without prepared statements
- No nonce checks implemented
Loya Pay Security Vulnerabilities
Loya Pay Code Analysis
SQL Query Safety
Output Escaping
Loya Pay Attack Surface
REST API Routes 1
WordPress Hooks 10
Loya Pay Maintenance & Trust
Maintenance Signals
Community Trust
Loya Pay Alternatives
Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments
wallet-system-for-woocommerce
This plugin adds a digital wallet and Buy Now Pay Later feature to your WooCommerce store, allowing customers to add funds, check balances, and make s …
Easy Loyalty Points and Rewards for WooCommerce
easy-loyalty-points-and-rewards-for-woocommerce
A lightweight, easy to use customer loyalty system for WooCommerce.
Simple Points and Rewards for WooCommerce – Create a Loyalty Program
simple-points-and-rewards
WooCommerce Points and Rewards plugin. Create a simple but powerful loyalty program. Reward purchases, referrals, and much more.
RewardsWP – Loyalty Points & Referral Program for WooCommerce
rewardswp
Turn customers into brand advocates with loyalty points and referral programs for WooCommerce and Easy Digital Downloads.
XT Points & Rewards for WooCommerce
xt-woo-points-rewards
Points and Rewards for WooCommerce that lets you reward your customers for purchases and other actions with points that can be redeemed for discounts.
Loya Pay Developer Profile
1 plugin · 0 total installs
How We Detect Loya Pay
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/loya-pay/assets/css/checkout.css
- /wp-content/plugins/loya-pay/assets/loya-checkout.js
- loya-pay/assets/css/checkout.css?ver=
- loya-pay/assets/loya-checkout.js?ver=
HTML / DOM Fingerprints
- loya-connect-button
- data-loya-platform-url
- data-merchant-id
- data-api-key
- data-webhook-secret
- data-testmode
- loya_checkout_params