WP-Safety

Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program) Security & Risk Analysis

wordpress.org/plugins/loyaltyx-points-and-rewards-for-woocommerce

A lightweight WooCommerce points and rewards plugin to run a loyalty program where customers earn points on purchases and redeem them for discounts.

10 active installs v1.0.3 PHP 7.4+ WP 6.5+ Updated Apr 8, 2026
loyaltyloyalty-programpoints-and-rewardsreward-pointswoocommerce-rewards
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program) Safe to Use in 2026?

Generally Safe

Score 100/100

Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program) has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The "loyaltyx-points-and-rewards-for-woocommerce" plugin version 1.0.2 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for nearly all SQL queries and properly escaping a high percentage of output. The absence of known CVEs and a clean vulnerability history are strong indicators of responsible development and maintenance. However, a significant concern arises from the substantial attack surface presented by 16 AJAX handlers, of which 7 lack authentication checks. This leaves a considerable portion of the plugin's functionality potentially accessible to unauthenticated users, creating a notable risk.

Key Concerns

  • 7 AJAX handlers without auth checks
  • 9 unsanitized taint flows (high severity)
Vulnerabilities
None known

Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program) Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program) Release Timeline

v1.0.3Current
v1.0.2
v1.0.1
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program) Code Analysis

Dangerous Functions
0
Raw SQL Queries
5
64 prepared
Unescaped Output
49
1193 escaped
Nonce Checks
22
Capability Checks
4
File Operations
0
External Requests
5
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

93% prepared69 total queries

Output Escaping

96% escaped1242 total outputs
Data Flows · Security
9 unsanitized

Data Flow Analysis

20 flows9 with unsanitized paths
ddfw_verify_license (devdiggers-framework\includes\class-ddfw-ajax.php:50)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program) Attack Surface

Entry Points16
Unprotected7

AJAX Handlers 16

authwp_ajax_ddfw_verify_licensedevdiggers-framework\includes\class-ddfw-ajax.php:37
authwp_ajax_ddfw_get_products_listdevdiggers-framework\includes\class-ddfw-ajax.php:38
authwp_ajax_ddfw_get_categories_listdevdiggers-framework\includes\class-ddfw-ajax.php:39
authwp_ajax_ddfw_get_users_listdevdiggers-framework\includes\class-ddfw-ajax.php:40
authwp_ajax_ddfw_refresh_plugins_cachedevdiggers-framework\includes\class-ddfw-ajax.php:41
authwp_ajax_ddfw_newsletter_subscribedevdiggers-framework\includes\class-ddfw-ajax.php:42
authwp_ajax_ddfw_dismiss_review_noticedevdiggers-framework\includes\class-ddfw-review-notice.php:45
authwp_ajax_devdiggers_dismiss_notificationdevdiggers-framework\includes\class-devdiggers-notifications.php:51
authwp_ajax_ddwcpr_batch_import_pointsincludes\admin\admin-ajax-hooks.php:26
authwp_ajax_ddwcpr_batch_manual_adjustmentincludes\admin\admin-ajax-hooks.php:27
authwp_ajax_ddwcpr_get_all_usersincludes\admin\admin-ajax-hooks.php:28
authwp_ajax_ddwcpr_get_table_rowsincludes\front\front-ajax-hooks.php:26
noprivwp_ajax_ddwcpr_get_table_rowsincludes\front\front-ajax-hooks.php:27
authwp_ajax_ddwcpr_get_variation_points_messageincludes\front\front-ajax-hooks.php:28
noprivwp_ajax_ddwcpr_get_variation_points_messageincludes\front\front-ajax-hooks.php:29
authwp_ajax_ddwcpr_batch_import_pointsincludes\import-wizard.php:25
WordPress Hooks 44
actioninitdevdiggers-framework\global-functions.php:296
actionadmin_menudevdiggers-framework\includes\class-ddfw-admin.php:37
actionadmin_headdevdiggers-framework\includes\class-ddfw-admin.php:38
filterextra_plugin_headersdevdiggers-framework\includes\class-ddfw-admin.php:40
actionadmin_enqueue_scriptsdevdiggers-framework\includes\class-ddfw-assets.php:53
actionadmin_menudevdiggers-framework\includes\class-ddfw-plugin-dashboard.php:60
actionadmin_headdevdiggers-framework\includes\class-ddfw-plugin-dashboard.php:61
actionadmin_menudevdiggers-framework\includes\class-ddfw-plugin-dashboard.php:101
actionadmin_noticesdevdiggers-framework\includes\class-ddfw-review-notice.php:44
actionadmin_initdevdiggers-framework\includes\class-devdiggers-notifications.php:39
actionadmin_noticesdevdiggers-framework\includes\class-devdiggers-notifications.php:50
actionadmin_footerdevdiggers-framework\includes\class-devdiggers-notifications.php:54
actioninitfunctions.php:47
filterplugin_row_metafunctions.php:49
actionadmin_noticesfunctions.php:80
actionplugins_loadedfunctions.php:148
actionbefore_woocommerce_initfunctions.php:181
filterwoocommerce_enable_admin_help_tabincludes\admin\admin-hooks.php:26
actionadmin_initincludes\admin\admin-hooks.php:28
actionshow_user_profileincludes\admin\admin-hooks.php:30
actionedit_user_profileincludes\admin\admin-hooks.php:32
actionpersonal_options_updateincludes\admin\admin-hooks.php:34
actionedit_user_profile_updateincludes\admin\admin-hooks.php:36
actionwoocommerce_refund_createdincludes\admin\admin-hooks.php:38
filtertiny_mce_before_initincludes\admin\admin-hooks.php:40
actionadmin_noticesincludes\admin\admin-hooks.php:42
actionadmin_enqueue_scriptsincludes\admin-dashboard.php:45
filteradmin_footer_textincludes\admin-dashboard.php:46
filterddfw_modify_svg_iconsincludes\common\common-hooks.php:26
filterwoocommerce_email_classesincludes\common\common-hooks.php:28
filterwoocommerce_email_actionsincludes\common\common-hooks.php:30
filterwoocommerce_order_status_changedincludes\common\common-hooks.php:32
filterwoocommerce_cart_totals_coupon_labelincludes\common\common-hooks.php:35
actionwoocommerce_checkout_create_orderincludes\common\common-hooks.php:38
actionddwcpr_mail_notificationincludes\email-notification-handler.php:42
actionwp_enqueue_scriptsincludes\front\front-hooks.php:25
actionwoocommerce_after_single_product_summaryincludes\front\front-hooks.php:30
actionwoocommerce_product_thumbnailsincludes\front\front-hooks.php:32
actionwoocommerce_single_product_summaryincludes\front\front-hooks.php:34
filterquery_varsincludes\front\front-hooks.php:63
filterwoocommerce_account_menu_itemsincludes\front\front-hooks.php:66
filterthe_titleincludes\front\front-hooks.php:70
filtersidebars_widgetsincludes\front\front-hooks.php:72
actionwp_loadedincludes\front\front-hooks.php:75
Maintenance & Trust

Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 8, 2026
PHP min version7.4
Downloads657

Community Trust

Rating100/100
Number of ratings6
Active installs10
Alternatives

Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program) Alternatives

Simple Points and Rewards for WooCommerce – Create a Loyalty Program

Simple Points and Rewards for WooCommerce – Create a Loyalty Program

simple-points-and-rewards

A
100

WooCommerce Points and Rewards plugin. Create a simple but powerful loyalty program. Reward purchases, referrals, and much more.

200 No CVEs
Loyalty Points and Rewards for Square

Loyalty Points and Rewards for Square

loyalty-points-and-rewards-for-square

A
100

Add a Square loyalty program to WooCommerce store. Enable customers to earn and track reward points automatically with Square loyalty integration.

0 No CVEs
Points and Rewards for WooCommerce

Points and Rewards for WooCommerce

points-and-rewards-for-woocommerce

A
96

Points and Rewards for WooCommerce offer a reward for points to your customers for their activities & increase customer loyalty.

7K 3 CVEs
HostPlugin – WooCommerce Points & Rewards

HostPlugin – WooCommerce Points & Rewards

hostplugin-woocommerce-points-and-rewards

A
85

Reward your loyal customers for purchases and other actions using points which can be redeemed for discounts on future purchase.

50 No CVEs
WupSales – Reward Points for WooCommerce

WupSales – Reward Points for WooCommerce

wupsales-reward-points-for-woocommerce

A
92

Reward points and loyalty program with WupSales points management system for WooCommerce. Reward your Customers for Purchase, Reviews, Sign up, etc

30 No CVEs
Developer Profile

Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program) Developer Profile

DevDiggers

2 plugins · 310 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/loyaltyx-points-and-rewards-for-woocommerce/assets/css/backend/ddwcpr-admin-style.css/wp-content/plugins/loyaltyx-points-and-rewards-for-woocommerce/assets/js/backend/ddwcpr-admin-script.js/wp-content/plugins/loyaltyx-points-and-rewards-for-woocommerce/assets/css/frontend/ddwcpr-frontend-style.css/wp-content/plugins/loyaltyx-points-and-rewards-for-woocommerce/assets/js/frontend/ddwcpr-frontend-script.js
Script Paths
/wp-content/plugins/loyaltyx-points-and-rewards-for-woocommerce/devdiggers-framework/assets/js/ddfw-app.js/wp-content/plugins/loyaltyx-points-and-rewards-for-woocommerce/devdiggers-framework/assets/js/ddfw-framework.js
Version Parameters
loyaltyx-points-and-rewards-for-woocommerce/assets/css/backend/ddwcpr-admin-style.css?ver=loyaltyx-points-and-rewards-for-woocommerce/assets/js/backend/ddwcpr-admin-script.js?ver=loyaltyx-points-and-rewards-for-woocommerce/assets/css/frontend/ddwcpr-frontend-style.css?ver=loyaltyx-points-and-rewards-for-woocommerce/assets/js/frontend/ddwcpr-frontend-script.js?ver=loyaltyx-points-and-rewards-for-woocommerce/devdiggers-framework/assets/js/ddfw-app.js?ver=loyaltyx-points-and-rewards-for-woocommerce/devdiggers-framework/assets/js/ddfw-framework.js?ver=

HTML / DOM Fingerprints

CSS Classes
ddwcpr-admin-styleddwcpr-admin-scriptddwcpr-frontend-styleddwcpr-frontend-script
HTML Comments
<!-- ddwcpr: LoyaltyX - Points and Rewards for WooCommerce. -->
Data Attributes
data-plugin-name="LoyaltyX - Points and Rewards for WooCommerce"data-plugin-prefix="ddwcpr"data-review-url="https://wordpress.org/support/plugin/loyaltyx-points-and-rewards-for-woocommerce/reviews/#new-post"
JS Globals
DDWCPR_ADMIN_SCRIPT_OBJECTDDWCPR_FRONTEND_SCRIPT_OBJECT
FAQ

Frequently Asked Questions about Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program)