WP-Safety

Loystar for WooCommerce Security & Risk Analysis

wordpress.org/plugins/loystar-woocommerce-loyalty-program

Integrate your WooCommerce store with Loystar loyalty platform for comprehensive customer retention and omni-channel loyalty programs.

10 active installs v3.2.8 PHP 7.4+ WP 5.0.0+ Updated Sep 29, 2025
customer-retentionloyaltyloyalty-programrewardswoocommerce
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Loystar for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Loystar for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6mo ago
Risk Assessment

The "loystar-woocommerce-loyalty-program" v3.2.8 plugin exhibits a mixed security posture. On the positive side, it demonstrates a strong adherence to secure coding practices with a high percentage of SQL queries using prepared statements and a robust number of nonce and capability checks. The absence of known CVEs and a clean vulnerability history are significant strengths, suggesting a generally well-maintained and secure codebase over time. However, the static analysis reveals notable areas of concern.

The plugin's attack surface includes three AJAX handlers, with two of them lacking proper authentication checks. This presents a significant risk, as these unprotected entry points could be leveraged by unauthenticated users to trigger potentially harmful actions. Furthermore, the taint analysis indicates six flows with unsanitized paths, which, while not classified as critical or high severity in this specific analysis, still represent potential avenues for injection vulnerabilities if not properly handled. The low percentage of properly escaped output is another concern, increasing the risk of cross-site scripting (XSS) vulnerabilities.

In conclusion, while the plugin benefits from a history free of major vulnerabilities and a good use of prepared statements and authorization checks, the presence of unprotected AJAX handlers and unsanitized paths are serious security weaknesses that require immediate attention. The low rate of output escaping also contributes to a heightened risk profile.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Low percentage of output escaping
Vulnerabilities
None known

Loystar for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Loystar for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
3
34 prepared
Unescaped Output
105
17 escaped
Nonce Checks
16
Capability Checks
11
File Operations
2
External Requests
6
Bundled Libraries
1

Bundled Libraries

jQuery

SQL Query Safety

92% prepared37 total queries

Output Escaping

14% escaped122 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

8 flows6 with unsanitized paths
add_little_jquery (admin\class-add-loyalty-program.php:144)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Loystar for WooCommerce Attack Surface

Entry Points3
Unprotected2

AJAX Handlers 3

authwp_ajax_ls_export_productsadmin\class-wc-ls-sync.php:155
authwp_ajax_ls_sync_progressadmin\ls-sync-progress-ajax.php:3
authwp_ajax_ls_clear_sync_progressloystar.php:129
WordPress Hooks 89
actionadmin_menuadmin\class-add-loyalty-program.php:116
actionadmin_footeradmin\class-add-loyalty-program.php:117
actionwoocommerce_coupon_optionsadmin\class-coupon-page.php:19
actionwoocommerce_coupon_options_saveadmin\class-coupon-page.php:20
filterset-screen-optionadmin\class-customers.php:75
actionadmin_menuadmin\class-customers.php:76
actionadmin_enqueue_scriptsadmin\class-loyalty-programs.php:85
filterset-screen-optionadmin\class-loyalty-programs.php:86
actionadmin_menuadmin\class-loyalty-programs.php:87
actionadmin_footeradmin\class-loyalty-programs.php:88
actionadmin_noticesadmin\class-loyalty-programs.php:173
actionadmin_noticesadmin\class-notices.php:93
actionwoocommerce_product_options_general_product_dataadmin\class-product-page.php:39
actionwoocommerce_process_product_metaadmin\class-product-page.php:40
actionwoocommerce_product_after_variable_attributesadmin\class-product-page.php:42
actionwoocommerce_save_product_variationadmin\class-product-page.php:43
actionadmin_menuadmin\class-settings.php:88
actionadmin_footeradmin\class-settings.php:89
actionadmin_headadmin\class-settings.php:91
actionadmin_noticesadmin\class-settings.php:96
actionadmin_noticesadmin\class-settings.php:98
actionadmin_noticesadmin\class-settings.php:102
actionadmin_footeradmin\class-sync.php:106
actionadmin_menuadmin\class-sync.php:107
actionadmin_menuadmin\class-wc-ls-add-loyalty-program.php:116
actionadmin_footeradmin\class-wc-ls-add-loyalty-program.php:117
filterset-screen-optionadmin\class-wc-ls-customers.php:75
actionadmin_menuadmin\class-wc-ls-customers.php:76
actionadmin_enqueue_scriptsadmin\class-wc-ls-loyalty-programs.php:85
filterset-screen-optionadmin\class-wc-ls-loyalty-programs.php:86
actionadmin_menuadmin\class-wc-ls-loyalty-programs.php:87
actionadmin_footeradmin\class-wc-ls-loyalty-programs.php:88
actionadmin_noticesadmin\class-wc-ls-loyalty-programs.php:173
actionadmin_noticesadmin\class-wc-ls-notices.php:56
actionadmin_noticesadmin\class-wc-ls-orders.php:68
actionadmin_noticesadmin\class-wc-ls-orders.php:69
actionadmin_noticesadmin\class-wc-ls-orders.php:72
actionwoocommerce_order_status_completedadmin\class-wc-ls-orders.php:75
actionwoocommerce_process_shop_order_metaadmin\class-wc-ls-orders.php:76
actionadmin_footeradmin\class-wc-ls-orders.php:78
actionwoocommerce_product_options_general_product_dataadmin\class-wc-ls-product.php:42
actionwoocommerce_process_product_metaadmin\class-wc-ls-product.php:43
actionwoocommerce_product_after_variable_attributesadmin\class-wc-ls-product.php:46
actionwoocommerce_save_product_variationadmin\class-wc-ls-product.php:47
actionadmin_menuadmin\class-wc-ls-settings.php:88
actionadmin_footeradmin\class-wc-ls-settings.php:89
actionadmin_headadmin\class-wc-ls-settings.php:91
actionadmin_noticesadmin\class-wc-ls-settings.php:96
actionadmin_noticesadmin\class-wc-ls-settings.php:98
actionadmin_noticesadmin\class-wc-ls-settings.php:102
actionadmin_menuadmin\class-wc-ls-sync.php:149
actionadmin_noticesadmin\class-wc-ls-sync.php:150
actionadmin_noticesadmin\class-wc-ls-sync.php:151
actionadmin_footeradmin\class-wc-ls-sync.php:152
actionadmin_noticesadmin\class-woocommerce-orders.php:65
actionadmin_noticesadmin\class-woocommerce-orders.php:66
actionadmin_noticesadmin\class-woocommerce-orders.php:68
actionwoocommerce_order_status_completedadmin\class-woocommerce-orders.php:71
actionwoocommerce_process_shop_order_metaadmin\class-woocommerce-orders.php:72
actionadmin_footeradmin\class-woocommerce-orders.php:74
filterhttp_request_timeoutincludes\api\class-api.php:659
actionrest_api_initincludes\api\class-rest-api.php:30
filterhttp_request_timeoutincludes\api\class-wc-ls-api.php:1556
actionwc_ls_sync_products_queueincludes\background-runs\class-wc-ls-scheduler.php:47
actionadmin_noticesincludes\class-loystar.php:126
actioninitincludes\class-loystar.php:196
actionadmin_noticesincludes\class-wc-loystar.php:127
actioninitincludes\class-wc-loystar.php:206
actioninitincludes\class-wc-loystar.php:215
actionbefore_woocommerce_initloystar.php:90
actionplugins_loadedloystar.php:100
actionadmin_noticesloystar.php:120
actionwc_loystar_clear_sync_progressloystar.php:145
filtercron_schedulesloystar.php:154
actionwc_loystar_sync_products_cronloystar.php:190
actionwp_enqueue_scriptspublic\class-wc-ls-checkout.php:20
actionwp_enqueue_scriptspublic\class-wc-ls-checkout.php:21
filterwoocommerce_billing_fieldspublic\class-wc-ls-checkout.php:23
actionwoocommerce_after_checkout_validationpublic\class-wc-ls-checkout.php:24
actionwoocommerce_thankyoupublic\class-wc-ls-checkout.php:25
actionwoocommerce_add_cart_item_datapublic\class-wc-ls-product-sync.php:15
actionwoocommerce_before_single_productpublic\class-wc-ls-product-sync.php:18
actionwp_enqueue_scriptspublic\class-woocommerce-checkout.php:20
actionwp_enqueue_scriptspublic\class-woocommerce-checkout.php:21
filterwoocommerce_billing_fieldspublic\class-woocommerce-checkout.php:23
actionwoocommerce_after_checkout_validationpublic\class-woocommerce-checkout.php:24
actionwoocommerce_thankyoupublic\class-woocommerce-checkout.php:25
actionwoocommerce_add_cart_item_datapublic\class-woocommerce-product.php:15
actionwoocommerce_before_single_productpublic\class-woocommerce-product.php:17

Scheduled Events 5

wc_loystar_clear_sync_progress
wc_loystar_clear_sync_progress
woocommerce_flush_rewrite_rules
woocommerce_flush_rewrite_rules
wc_loystar_sync_products_cron
Maintenance & Trust

Loystar for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.0
Last updatedSep 29, 2025
PHP min version7.4
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Loystar for WooCommerce Alternatives

LoyaltyX – Points and Rewards for WooCommerce – Build Customer Loyalty Program and Reward Purchases

LoyaltyX – Points and Rewards for WooCommerce – Build Customer Loyalty Program and Reward Purchases

loyaltyx-points-and-rewards-for-woocommerce

A
100

Add a WooCommerce points and rewards program to your store. Customers earn points on every purchase and redeem them for discounts on cart & checkout.

10 No CVEs
HostPlugin – WooCommerce Points & Rewards

HostPlugin – WooCommerce Points & Rewards

hostplugin-woocommerce-points-and-rewards

A
85

Reward your loyal customers for purchases and other actions using points which can be redeemed for discounts on future purchase.

50 No CVEs
Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred

Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred

mycred

C
62

A WordPress gamification plugin is also a points management system. Award ranks, loyalty points and rewards or WooCommerce rewards to your users.

10K 1 unpatched
Easy Loyalty Points and Rewards for WooCommerce

Easy Loyalty Points and Rewards for WooCommerce

easy-loyalty-points-and-rewards-for-woocommerce

A
85

A lightweight, easy to use customer loyalty system for WooCommerce.

400 No CVEs
Simple Points and Rewards for WooCommerce – Create a Loyalty Program

Simple Points and Rewards for WooCommerce – Create a Loyalty Program

simple-points-and-rewards

A
100

WooCommerce Points and Rewards plugin. Create a simple but powerful loyalty program. Reward purchases, referrals, and much more.

100 No CVEs
Developer Profile

Loystar for WooCommerce Developer Profile

Loystar

1 plugin · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Loystar for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/loystar-woocommerce-loyalty-program/admin/css/ls-admin-styles.css/wp-content/plugins/loystar-woocommerce-loyalty-program/admin/js/ls-admin-script.js/wp-content/plugins/loystar-woocommerce-loyalty-program/public/css/loystar-style.css/wp-content/plugins/loystar-woocommerce-loyalty-program/public/js/loystar-script.js/wp-content/plugins/loystar-woocommerce-loyalty-program/includes/background-runs/js/ls-background-runner.js
Script Paths
/wp-content/plugins/loystar-woocommerce-loyalty-program/admin/js/ls-admin-script.js/wp-content/plugins/loystar-woocommerce-loyalty-program/public/js/loystar-script.js/wp-content/plugins/loystar-woocommerce-loyalty-program/includes/background-runs/js/ls-background-runner.js
Version Parameters
loystar-woocommerce-loyalty-program/admin/css/ls-admin-styles.css?ver=loystar-woocommerce-loyalty-program/admin/js/ls-admin-script.js?ver=loystar-woocommerce-loyalty-program/public/css/loystar-style.css?ver=loystar-woocommerce-loyalty-program/public/js/loystar-script.js?ver=loystar-woocommerce-loyalty-program/includes/background-runs/js/ls-background-runner.js?ver=

HTML / DOM Fingerprints

CSS Classes
wc_loystar_admin_noticeloystar-sync-progress-barls-dashboard-widget
HTML Comments
<!-- Loystar Sync Progress Indicator --><!-- Loystar Admin Notice --><!-- Loystar Dashboard Widget -->
Data Attributes
data-ls-merchant-iddata-ls-loyalty-urldata-ls-client-tokendata-ls-ajax-urldata-ls-sync-nonce
JS Globals
wc_loystar_ajax_objectloystar_admin_script_paramsloystar_sync_progress_data
FAQ

Frequently Asked Questions about Loystar for WooCommerce