LoyCart-POS Security & Risk Analysis

wordpress.org/plugins/loycart-pos

LoyCart-POS provides a simple, fast, accurate, and seamless point-of-sale interface directly within your WordPress admin dashboard.

0 active installs · v1.0.20 · PHP 7.4+ · WP 5.8+ · Updated: Unknown
Tags: pos, refunds, retail, split-payments, woocommerce
Score: 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is LoyCart-POS Safe to Use in 2026?

Generally Safe

Score 100/100

LoyCart-POS has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "loycart-pos" plugin v1.0.20 exhibits a mixed security posture. On the positive side, it demonstrates good practices regarding SQL queries, exclusively using prepared statements, and a high percentage of properly escaped output. It also includes a significant number of nonce and capability checks, indicating an awareness of common WordPress security mechanisms. However, a significant concern arises from the large attack surface presented by AJAX handlers, with a substantial portion (23 out of 30) lacking proper authentication checks. This oversight creates a direct pathway for unauthenticated attackers to interact with sensitive plugin functionalities. The taint analysis further highlights this weakness, revealing two flows with unsanitized paths, categorized as high severity. While the plugin has no recorded vulnerability history (CVEs), this is a positive but not a definitive indicator of future security. The absence of past vulnerabilities could be due to various factors, including limited exposure or effective security measures in previous versions, but it doesn't negate the risks identified in the current static analysis.

Key Concerns

  • High number of AJAX handlers without auth checks
  • High severity taint flows with unsanitized paths
Vulnerabilities
None known

LoyCart-POS Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

LoyCart-POS Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (12 prepared)
Unescaped Output: 25 (206 escaped)
Nonce Checks: 27
Capability Checks: 22
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 12 total queries

Output Escaping

89% escaped · 231 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
loycart_ajax_get_products (loycart-pos-ajax-handlers.php:286)
[Data flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform; Unsanitized, Sanitized]
Attack Surface
23 unprotected

LoyCart-POS Attack Surface

Entry Points: 30
Unprotected: 23

AJAX Handlers 30

auth · wp_ajax_loycart_ajax_open_cash_drawer · loycart-pos-ajax-handlers.php:1714
auth · wp_ajax_loycart_ajax_get_available_coupons · loycart-pos-ajax-handlers.php:1779
auth · wp_ajax_loycart_pos_get_store_credit · loycart-pos-ajax-handlers.php:1822
auth · wp_ajax_loycart_get_sale_data · loycart-pos-ajax-handlers.php:1827
auth · wp_ajax_loycart_pos_get_settings · loycart-pos-ajax-handlers.php:1877
auth · wp_ajax_loycart_pos_save_settings · loycart-pos-ajax-handlers.php:2027
auth · wp_ajax_loycart_pos_get_credit_reports · loycart-pos-ajax-handlers.php:2375
auth · wp_ajax_loycart_pos_get_products · loycart-pos.php:592
auth · wp_ajax_loycart_search_customers · loycart-pos.php:593
auth · wp_ajax_loycart_complete_sale · loycart-pos.php:594
auth · wp_ajax_loycart_hold_sale · loycart-pos.php:595
auth · wp_ajax_loycart_get_held_carts · loycart-pos.php:596
auth · wp_ajax_loycart_resume_held_cart · loycart-pos.php:597
auth · wp_ajax_loycart_delete_held_cart · loycart-pos.php:598
auth · wp_ajax_loycart_pos_process_refund · loycart-pos.php:599
auth · wp_ajax_loycart_ajax_get_label_data · loycart-pos.php:600
auth · wp_ajax_loycart_refresh_nonce · loycart-pos.php:601
auth · wp_ajax_loycart_pos_create_custom_product · loycart-pos.php:602
auth · wp_ajax_loycart_pos_get_shipping_options · loycart-pos.php:603
auth · wp_ajax_loycart_calculate_cart_totals · loycart-pos.php:629
auth · wp_ajax_loycart_pos_get_customer_orders · loycart-pos.php:630
auth · wp_ajax_loycart_pos_get_refundable_order_items · loycart-pos.php:631
auth · wp_ajax_loycart_pos_get_customer_address · loycart-pos.php:632
auth · wp_ajax_loycart_pos_save_data · loycart-pos.php:633
auth · wp_ajax_loycart_pos_load_data · loycart-pos.php:634
auth · wp_ajax_loycart_pos_clear_data · loycart-pos.php:635
auth · wp_ajax_loycart_ajax_validate_cart · loycart-pos.php:636
auth · wp_ajax_loycart_pos_clear_cart_state · loycart-pos.php:637
auth · wp_ajax_loycart_ajax_get_available_coupons · loycart-pos.php:638
auth · wp_ajax_loycart_pos_create_customer · loycart-pos.php:674
WordPress Hooks 27
filter · woocommerce_coupon_is_valid · loycart-pos-coupon-debug.php:3
action · admin_notices · loycart-pos-coupon-debug.php:8
filter · woocommerce_coupon_error · loycart-pos-coupon-debug.php:19
action · woocommerce_order_status_completed · loycart-pos-store-credit.php:159
action · woocommerce_order_status_completed · loycart-pos-store-credit.php:205
action · woocommerce_order_refunded · loycart-pos-store-credit.php:241
action · profile_update · loycart-pos-store-credit.php:278
action · init · loycart-pos-store-credit.php:296
filter · woocommerce_account_menu_items · loycart-pos-store-credit.php:301
action · woocommerce_account_store-credit_endpoint · loycart-pos-store-credit.php:317
action · wp_login · loycart-pos.php:50
action · admin_init · loycart-pos.php:51
action · admin_notices · loycart-pos.php:65
action · admin_notices · loycart-pos.php:72
action · admin_init · loycart-pos.php:76
action · woocommerce_reduce_order_stock · loycart-pos.php:138
action · woocommerce_restore_order_stock · loycart-pos.php:139
action · woocommerce_product_set_stock · loycart-pos.php:140
action · woocommerce_variation_set_stock · loycart-pos.php:141
action · save_post_product · loycart-pos.php:142
action · admin_menu · loycart-pos.php:143
action · admin_bar_menu · loycart-pos.php:144
action · admin_head · loycart-pos.php:200
action · admin_footer · loycart-pos.php:211
action · admin_enqueue_scripts · loycart-pos.php:591
action · add_meta_boxes · loycart-pos.php:605
action · wp_enqueue_scripts · loycart-pos.php:683
Maintenance & Trust

LoyCart-POS Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.4
Downloads: 666

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

LoyCart-POS Developer Profile

Dave Herbert

1 plugin · 0 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect LoyCart-POS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/loycart-pos/loycart-pos.css
/wp-content/plugins/loycart-pos/loycart-pos.js
/wp-content/plugins/loycart-pos/loycart-pos-admin.css
/wp-content/plugins/loycart-pos/loycart-pos-admin.js
Script Paths
/wp-content/plugins/loycart-pos/loycart-pos.js
/wp-content/plugins/loycart-pos/loycart-pos-admin.js
Version Parameters
loycart-pos/loycart-pos.css?ver=
loycart-pos/loycart-pos.js?ver=
loycart-pos/loycart-pos-admin.css?ver=
loycart-pos/loycart-pos-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
loycart-dark-mode-toggle
loycart-pos-adminbar-notifications
HTML Comments
<!-- Automatically hide admin menu if auto-redirect is enabled -->
Data Attributes
data-loycart-product-search
JS Globals
window.toggleDarkMode