LoymaxWebApp Security & Risk Analysis

wordpress.org/plugins/loymaxapp

Plugin for installing and configuring the Member's Personal Account for Loymax loyalty programs.

40 active installs · v3.5.8 · PHP 5.6+ · WP 4.0+ · Updated Jan 15, 2026
loyalty-program, loymax
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is LoymaxWebApp Safe to Use in 2026?

Generally Safe

Score 100/100

LoymaxWebApp has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The loymaxapp plugin v3.5.8 presents a mixed security posture. On the positive side, there are no known vulnerabilities (CVEs) recorded, and the plugin demonstrates good practices in its handling of SQL queries, with 93% using prepared statements. The absence of external HTTP requests and bundled libraries also contributes to a reduced attack surface in those specific areas.

However, significant concerns arise from the static and taint analysis. The presence of unsanitized paths in 13 out of 14 analyzed flows is a critical red flag, indicating a high potential for path traversal or file manipulation vulnerabilities, even though the taint analysis did not flag them as critical or high severity. Furthermore, only 25% of outputs are properly escaped, exposing the plugin to potential Cross-Site Scripting (XSS) vulnerabilities. The complete lack of nonce checks on any entry points is also a serious oversight, leaving actions susceptible to CSRF attacks.

While the vulnerability history is clean, this does not negate the risks identified in the code analysis. The plugin's strengths in SQL handling and lack of external requests are overshadowed by the critical findings in taint analysis related to unsanitized paths and the significant risk of XSS due to insufficient output escaping, coupled with the absence of fundamental security checks like nonces. A balanced conclusion would be that the plugin has some good foundational security elements but harbors critical weaknesses that require immediate attention.

Key Concerns

  • Unsanitized paths in taint flows
  • Low percentage of properly escaped output
  • Zero nonce checks on entry points
  • Only one capability check present
Vulnerabilities
None known

LoymaxWebApp Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

LoymaxWebApp Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (14 prepared)
Unescaped Output: 66 (22 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 4
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

93% prepared · 15 total queries

Output Escaping

25% escaped · 88 total outputs
Data Flows
13 unsanitized

Data Flow Analysis

14 flows · 13 with unsanitized paths
show (includes\loymax-common-config.php:95)
Attack Surface

LoymaxWebApp Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 27
action admin_notices includes\loymax-customify-helper.php:48
action admin_notices includes\loymax-customify-helper.php:60
action admin_notices includes\loymax-customify-helper.php:101
action admin_init includes\loymax-install-wizard.php:36
action admin_enqueue_scripts includes\loymax-install-wizard.php:37
action admin_notices includes\loymax-updater.php:274
action admin_notices includes\loymax-userportal-config.php:310
action admin_notices includes\loymax-userportal-page.php:141
action admin_notices includes\loymax-userportal-page.php:157
action admin_notices includes\loymax-userportal-page.php:185
action wp_enqueue_scripts loymax-app.php:83
action wp_head loymax-app.php:85
action shutdown loymax-app.php:86
action admin_menu loymax-app.php:88
action admin_enqueue_scripts loymax-app.php:90
action init loymax-app.php:104
action widgets_init loymax-app.php:188
action upgrader_process_complete loymax-app.php:192
action plugins_loaded loymax-app.php:198
action before_delete_post loymax-app.php:200
action pre_delete_term loymax-app.php:216
action admin_notices loymax-app.php:224
action admin_notices loymax-app.php:225
action edit_post loymax-app.php:227
action update_option_page_on_front loymax-app.php:234
action admin_notices loymax-app.php:247
filter auto_update_plugin loymax-app.php:363
Maintenance & Trust

LoymaxWebApp Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.1.22
Last updated: Jan 15, 2026
PHP min version: 5.6
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 40
Developer Profile

LoymaxWebApp Developer Profile

loymax

1 plugin · 40 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect LoymaxWebApp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/loymaxapp/admin/loymax-plugin-styles.css
/wp-content/plugins/loymaxapp/admin/admin.js
Script Paths
/wp-content/plugins/loymaxapp/admin/admin.js
Version Parameters
loymax-style?ver=
loymax-admin-js?ver=

HTML / DOM Fingerprints

CSS Classes
loymax-setup
Data Attributes
lmx-action