WP-Safety

Loyalty for WooCommerce – Points and Rewards / Loyalty Program Security & Risk Analysis

wordpress.org/plugins/loyalty-for-woocommerce

Create a flexible loyalty and rewards program for WooCommerce—reward customers with points, increase retention, and grow repeat sales.

10 active installs v1.1.4 PHP 7.4+ WP 6.3+ Updated Feb 6, 2026
couponsloyaltypointspoints-and-rewardsrewards
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Loyalty for WooCommerce – Points and Rewards / Loyalty Program Safe to Use in 2026?

Generally Safe

Score 100/100

Loyalty for WooCommerce – Points and Rewards / Loyalty Program has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

This plugin exhibits a generally strong security posture with several good practices in place. The absence of known CVEs and a history of zero recorded vulnerabilities are positive indicators. The code demonstrates diligent use of prepared statements for SQL queries and a high percentage of properly escaped output, which significantly reduces the risk of common injection and XSS vulnerabilities. The presence of numerous nonce and capability checks further strengthens its defenses against unauthorized actions.

However, there are two significant areas of concern that lower its overall security score. The analysis reveals two AJAX handlers that lack authentication checks. This creates a direct entry point for unauthenticated users to interact with potentially sensitive plugin functionality, posing a risk of unauthorized access or manipulation. While no critical or high-severity taint flows were identified, the presence of one flow with an unsanitized path, even if not critical, warrants attention as it could be a vector for exploitation in certain circumstances. The plugin also performs file operations and external HTTP requests, which, while not inherently risky, require careful scrutiny to ensure they are handled securely.

In conclusion, the "loyalty-for-woocommerce" plugin has a solid foundation of secure coding practices, particularly in data handling and access control for most of its features. The lack of historical vulnerabilities is a major strength. Nevertheless, the two unprotected AJAX endpoints represent a tangible risk that needs immediate remediation. The single unsanitized path flow, though not critical, suggests that a thorough review of input validation and sanitization across all entry points is advisable to maintain its strong security record.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
Vulnerabilities
None known

Loyalty for WooCommerce – Points and Rewards / Loyalty Program Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Loyalty for WooCommerce – Points and Rewards / Loyalty Program Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
7 prepared
Unescaped Output
81
446 escaped
Nonce Checks
23
Capability Checks
11
File Operations
2
External Requests
1
Bundled Libraries
0

SQL Query Safety

100% prepared7 total queries

Output Escaping

85% escaped527 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

11 flows1 with unsanitized paths
import_csv (inc\backend\settings\yoswc-loyalty-settings-tools.php:87)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Loyalty for WooCommerce – Points and Rewards / Loyalty Program Attack Surface

Entry Points16
Unprotected2

AJAX Handlers 16

authwp_ajax_reward_user_pointsinc\backend\users\yoswc-loyalty-user-profile-points.php:10
authwp_ajax_deduct_user_pointsinc\backend\users\yoswc-loyalty-user-profile-points.php:11
authwp_ajax_get_points_loginc\backend\users\yoswc-loyalty-user-profile-points.php:12
authwp_ajax_get_user_nameinc\backend\users\yoswc-loyalty-users-points.php:14
authwp_ajax_reward_user_pointsinc\backend\users\yoswc-loyalty-users-points.php:15
authwp_ajax_deduct_user_pointsinc\backend\users\yoswc-loyalty-users-points.php:16
authwp_ajax_never_show_yoswc_loyalty_noticeinc\cores\yoswc-loyalty-notices.php:11
authwp_ajax_dismiss_wcl_premium_ad_noticeinc\cores\yoswc-loyalty-notices.php:12
authwp_ajax_applying_pointsinc\frontend\yoswc-loyalty-cart-checkout-using-point.php:12
noprivwp_ajax_applying_pointsinc\frontend\yoswc-loyalty-cart-checkout-using-point.php:13
authwp_ajax_get_earned_pointsinc\frontend\yoswc-loyalty-cart-checkout-using-point.php:15
noprivwp_ajax_get_earned_pointsinc\frontend\yoswc-loyalty-cart-checkout-using-point.php:16
authwp_ajax_delete_loyalty_couponinc\frontend\yoswc-loyalty-cart-checkout-using-point.php:18
noprivwp_ajax_delete_loyalty_couponinc\frontend\yoswc-loyalty-cart-checkout-using-point.php:19
authwp_ajax_load_more_points_loginc\frontend\yoswc-loyalty-my-account-my-points.php:20
noprivwp_ajax_load_more_points_loginc\frontend\yoswc-loyalty-my-account-my-points.php:21
WordPress Hooks 66
actionwoocommerce_loyalty_points_rewardinc\backend\actions\emails\yoswc-loyalty-notifications-email.php:10
actionwoocommerce_loyalty_points_deductinc\backend\actions\emails\yoswc-loyalty-notifications-email.php:11
actionwoocommerce_loyalty_level_updateinc\backend\actions\emails\yoswc-loyalty-notifications-email.php:15
actionset_user_roleinc\backend\actions\extra\yoswc-loyalty-extra-points-level-up.php:9
actionwp_logininc\backend\actions\extra\yoswc-loyalty-extra-points-log-in.php:8
actioncomment_postinc\backend\actions\extra\yoswc-loyalty-extra-points-review.php:7
actionuser_registerinc\backend\actions\extra\yoswc-loyalty-extra-points-sign-up.php:7
actionwoocommerce_order_status_changedinc\backend\actions\yoswc-loyalty-deducting-point-order-status-updated.php:8
actionwoocommerce_order_status_changedinc\backend\actions\yoswc-loyalty-earning-point-order-status-updated.php:8
actionwoocommerce_order_status_cancelledinc\backend\actions\yoswc-loyalty-return-used-point.php:7
actionwoocommerce_order_status_refundedinc\backend\actions\yoswc-loyalty-return-used-point.php:8
actionwoocommerce_order_status_failedinc\backend\actions\yoswc-loyalty-return-used-point.php:9
actionwoocommerce_thankyouinc\backend\actions\yoswc-loyalty-using-point-new-order.php:7
actionadmin_initinc\backend\settings\yoswc-loyalty-settings-customization.php:8
actionadmin_enqueue_scriptsinc\backend\settings\yoswc-loyalty-settings-customization.php:9
actionadmin_initinc\backend\settings\yoswc-loyalty-settings-general-add-remove-user-role.php:8
actionadmin_headinc\backend\settings\yoswc-loyalty-settings-general-add-remove-user-role.php:9
actionadmin_noticesinc\backend\settings\yoswc-loyalty-settings-general-add-remove-user-role.php:10
actionwoocommerce_admin_field_set_earning_point_rulesinc\backend\settings\yoswc-loyalty-settings-general-earning-point-rules.php:7
actionwoocommerce_admin_field_set_level_rulesinc\backend\settings\yoswc-loyalty-settings-general-level-rules.php:9
actionwoocommerce_admin_field_set_level_discountsinc\backend\settings\yoswc-loyalty-settings-general-level-rules.php:10
actionwoocommerce_admin_field_yol_multi_checkboxinc\backend\settings\yoswc-loyalty-settings-general-multi-checkbox.php:7
actionwoocommerce_admin_field_set_using_point_rulesinc\backend\settings\yoswc-loyalty-settings-general-using-point-rules.php:7
actioninitinc\backend\settings\yoswc-loyalty-settings-tools.php:7
actionadmin_post_redefine_loyalty_levelinc\backend\settings\yoswc-loyalty-settings-tools.php:8
actionadmin_noticesinc\backend\settings\yoswc-loyalty-settings-tools.php:9
actionshow_user_profileinc\backend\users\yoswc-loyalty-user-profile-points.php:8
actionedit_user_profileinc\backend\users\yoswc-loyalty-user-profile-points.php:9
filtermanage_users_columnsinc\backend\users\yoswc-loyalty-users-points.php:8
filtermanage_users_sortable_columnsinc\backend\users\yoswc-loyalty-users-points.php:9
actionpre_get_usersinc\backend\users\yoswc-loyalty-users-points.php:10
actionmanage_users_custom_columninc\backend\users\yoswc-loyalty-users-points.php:11
actionadmin_footerinc\backend\users\yoswc-loyalty-users-points.php:12
actionadmin_enqueue_scriptsinc\backend\users\yoswc-loyalty-users-points.php:13
actionadmin_menuinc\backend\yoohw-menu-dashboard.php:19
filterwoocommerce_settings_tabs_arrayinc\backend\yoohw-woo-settings-tabs-reorder.php:8
filterwoocommerce_settings_tabs_arrayinc\backend\yoswc-loyalty-settings.php:13
actionwoocommerce_settings_tabs_loyaltyinc\backend\yoswc-loyalty-settings.php:14
actionwoocommerce_update_options_loyaltyinc\backend\yoswc-loyalty-settings.php:15
actionadmin_enqueue_scriptsinc\backend\yoswc-loyalty-settings.php:17
actionadmin_enqueue_scriptsinc\cores\yoswc-loyalty-backend.php:15
actionadmin_initinc\cores\yoswc-loyalty-backend.php:16
actionwp_enqueue_scriptsinc\cores\yoswc-loyalty-frontend.php:10
actionadmin_noticesinc\cores\yoswc-loyalty-notices.php:10
actionadmin_enqueue_scriptsinc\cores\yoswc-loyalty-notices.php:13
actionwp_enqueue_scriptsinc\frontend\yoswc-loyalty-cart-checkout-using-point.php:9
actionwoocommerce_before_checkout_forminc\frontend\yoswc-loyalty-cart-checkout-using-point.php:10
actionwoocommerce_before_cartinc\frontend\yoswc-loyalty-cart-checkout-using-point.php:11
actionwoocommerce_cart_calculate_feesinc\frontend\yoswc-loyalty-cart-checkout-using-point.php:14
filterwoocommerce_cart_totals_coupon_labelinc\frontend\yoswc-loyalty-cart-checkout-using-point.php:17
actionwoocommerce_removed_couponinc\frontend\yoswc-loyalty-cart-checkout-using-point.php:20
filterwoocommerce_coupon_messageinc\frontend\yoswc-loyalty-cart-checkout-using-point.php:21
actionwp_enqueue_scriptsinc\frontend\yoswc-loyalty-my-account-my-points.php:13
filterwoocommerce_account_menu_itemsinc\frontend\yoswc-loyalty-my-account-my-points.php:14
actioninitinc\frontend\yoswc-loyalty-my-account-my-points.php:15
actionwp_loadedinc\frontend\yoswc-loyalty-my-account-my-points.php:16
actionupdate_option_loyalty_customization_my_accountinc\frontend\yoswc-loyalty-my-account-my-points.php:17
actionwoocommerce_before_add_to_cart_buttoninc\frontend\yoswc-loyalty-product-message-earning-point.php:15
actionwoocommerce_after_add_to_cart_buttoninc\frontend\yoswc-loyalty-product-message-earning-point.php:19
actionwoocommerce_single_product_summaryinc\frontend\yoswc-loyalty-product-message-earning-point.php:23
actionwoocommerce_single_product_summaryinc\frontend\yoswc-loyalty-product-message-earning-point.php:27
actionwoocommerce_product_meta_endinc\frontend\yoswc-loyalty-product-message-earning-point.php:31
actionwoocommerce_after_add_to_cart_buttoninc\frontend\yoswc-loyalty-product-message-earning-point.php:35
actionwoocommerce_after_add_to_cart_buttoninc\frontend\yoswc-loyalty-product-message-earning-point.php:39
actionwoocommerce_after_shop_loop_item_titleinc\frontend\yoswc-loyalty-shop-message-earning-point.php:8
actionplugins_loadedloyalty-for-woocommerce.php:31
Maintenance & Trust

Loyalty for WooCommerce – Points and Rewards / Loyalty Program Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 6, 2026
PHP min version7.4
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs10
Alternatives

Loyalty for WooCommerce – Points and Rewards / Loyalty Program Alternatives

Points and Rewards for WooCommerce – Create Loyalty Programs, Reward Customer Purchases, User Badges, Gamification

Points and Rewards for WooCommerce – Create Loyalty Programs, Reward Customer Purchases, User Badges, Gamification

points-and-rewards-for-woocommerce

A
96

Points and Rewards for WooCommerce offer a reward for points to your customers for their activities & increase customer loyalty.

7K 3 CVEs
MyRewards

MyRewards

woorewards

A
98

Free top-rated points and rewards program to retain your customers, grow your sales and get new customers.

3K 2 CVEs
Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty

Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty

wployalty

A
100

Create WooCommerce points and rewards program with WPLoyalty to increase customer loyalty and boost sales. Reward customers to drive repeat purchases.

3K No CVEs
Easy Loyalty Points and Rewards for WooCommerce

Easy Loyalty Points and Rewards for WooCommerce

easy-loyalty-points-and-rewards-for-woocommerce

A
85

A lightweight, easy to use customer loyalty system for WooCommerce.

400 No CVEs
Simple Points and Rewards for WooCommerce – Create a Loyalty Program

Simple Points and Rewards for WooCommerce – Create a Loyalty Program

simple-points-and-rewards

A
100

WooCommerce Points and Rewards plugin. Create a simple but powerful loyalty program. Reward purchases, referrals, and much more.

100 No CVEs
Developer Profile

Loyalty for WooCommerce – Points and Rewards / Loyalty Program Developer Profile

YoOhw Studio

7 plugins · 3K total installs

92
trust score
Avg Security Score
97/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Loyalty for WooCommerce – Points and Rewards / Loyalty Program

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/loyalty-for-woocommerce/inc/cores/yoswc-loyalty-notices.php/wp-content/plugins/loyalty-for-woocommerce/inc/cores/yoswc-loyalty-backend.php/wp-content/plugins/loyalty-for-woocommerce/inc/cores/yoswc-loyalty-frontend.php/wp-content/plugins/loyalty-for-woocommerce/inc/cores/yoswc-loyalty-database.php/wp-content/plugins/loyalty-for-woocommerce/js/yoswc-loyalty-settings-customzation.js
Script Paths
/wp-content/plugins/loyalty-for-woocommerce/js/yoswc-loyalty-settings-customzation.js
Version Parameters
loyalty-for-woocommerce/js/yoswc-loyalty-settings-customzation.js?ver=

HTML / DOM Fingerprints

CSS Classes
loyalty_customization
HTML Comments
Icons and Text Color
Data Attributes
data-role
JS Globals
loyalty_customization_levelsloyalty_customization_membercardloyalty_customization_shop_pageloyalty_customization_product_pageloyalty_customization_message_iconloyalty_customization_my_account+2 more
FAQ

Frequently Asked Questions about Loyalty for WooCommerce – Points and Rewards / Loyalty Program