Lynked Loyalty Security & Risk Analysis

wordpress.org/plugins/lynked-loyalty

Lynked Loyalty's Woocommerce plugin lets businesses integrate our rewards system both online and in-store, offering a seamless and modern loyalty …

0 active installs v1.2.8 PHP 7.0+ WP 5.3+ Updated Oct 14, 2025
Tags: free, loyalty, referrals, rewards, woocommerce
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Lynked Loyalty Safe to Use in 2026?

Generally Safe

Score 100/100

Lynked Loyalty has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5mo ago
Risk Assessment

The "lynked-loyalty" plugin v1.2.8 exhibits a concerning security posture due to a significant number of unprotected entry points. All 8 REST API routes lack proper permission callbacks, exposing them to unauthenticated access. Additionally, the presence of a dangerous `unserialize` function without any nonce checks or capability checks raises immediate red flags for potential remote code execution or data manipulation vulnerabilities. The lack of proper output escaping on 50% of outputs also presents a risk of cross-site scripting (XSS) attacks.

While the plugin demonstrates good practices in using prepared statements for SQL queries and has no recorded historical vulnerabilities, these strengths are overshadowed by the critical weaknesses identified in the static analysis. No taint flows were reported, which is also notable, but this could be due to the limitations of the analysis itself or the absence of complex data flows. The overall risk is high due to the readily exploitable attack surface and the presence of known dangerous functions without proper safeguards.

In conclusion, despite having no known CVEs and using prepared statements, the plugin's architecture presents significant security vulnerabilities. The numerous unprotected REST API routes and the unhardened `unserialize` function create a high likelihood of exploitation. Remediation efforts should prioritize securing these entry points and sanitizing any data processed by the `unserialize` function.

Key Concerns

  • Unprotected REST API routes
  • Dangerous function 'unserialize' used
  • Missing nonce checks
  • Missing capability checks
  • Unescaped output found
Vulnerabilities
None known

Lynked Loyalty Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Lynked Loyalty Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 1 (1 escaped)
  • Nonce Checks: 0
  • Capability Checks: 0
  • File Operations: 1
  • External Requests: 4
  • Bundled Libraries: 0

Dangerous Functions Found

unserialize (lynked-loyalty.php:81): `return rest_ensure_response(['status' => true, 'settings' => unserialize($quotes), 'default_login_ur`

Output Escaping

50% escaped (2 total outputs)
Attack Surface
8 unprotected

Lynked Loyalty Attack Surface

Entry Points: 8
Unprotected: 8

REST API Routes 8

  • GET /wp-json/lynked/lynked-plugin-settings-save (lynked-loyalty.php:68)
  • GET /wp-json/lynked/lynked-plugin-settings-get (lynked-loyalty.php:86)
  • GET /wp-json/lynked/connect-business (lynked-loyalty.php:252)
  • GET /wp-json/lynkedshop-info (lynked-loyalty.php:283)
  • GET /wp-json/lynkeddiscount (lynked-loyalty.php:337)
  • GET /wp-json/lynkedgf-info (lynked-loyalty.php:516)
  • GET /wp-json/lynkedgf-forms (lynked-loyalty.php:537)
  • GET /wp-json/lynkedgf-fields (lynked-loyalty.php:561)

WordPress Hooks 23

  • action admin_menu (lynked-loyalty.php:15)
  • action rest_api_init (lynked-loyalty.php:75)
  • action rest_api_init (lynked-loyalty.php:93)
  • action register_form (lynked-loyalty.php:104)
  • action user_register (lynked-loyalty.php:113)
  • action woocommerce_register_form (lynked-loyalty.php:115)
  • action woocommerce_created_customer (lynked-loyalty.php:125)
  • action gform_user_registered (lynked-loyalty.php:132)
  • action admin_enqueue_scripts (lynked-loyalty.php:159)
  • action wp_head (lynked-loyalty.php:182)
  • action wp_login (lynked-loyalty.php:192)
  • action wp_logout (lynked-loyalty.php:193)
  • action rest_api_init (lynked-loyalty.php:261)
  • action rest_api_init (lynked-loyalty.php:276)
  • action rest_api_init (lynked-loyalty.php:330)
  • action activated_plugin (lynked-loyalty.php:347)
  • action woocommerce_order_status_completed (lynked-loyalty.php:350)
  • action user_register (lynked-loyalty.php:443)
  • action template_redirect (lynked-loyalty.php:484)
  • action woocommerce_thankyou (lynked-loyalty.php:489)
  • action rest_api_init (lynked-loyalty.php:509)
  • action rest_api_init (lynked-loyalty.php:530)
  • action rest_api_init (lynked-loyalty.php:554)

Maintenance & Trust

Lynked Loyalty Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.7.5
  • Last updated: Oct 14, 2025
  • PHP min version: 7.0
  • Downloads: 2K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 0

Developer Profile

Lynked Loyalty Developer Profile

Lynked Loyalty

1 plugin · 0 total installs

  • Trust score: 94
  • Avg Security Score: 100/100
  • Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Lynked Loyalty

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/lynked-loyalty/build/admin.css
  • /wp-content/plugins/lynked-loyalty/build/admin.js
  • /wp-content/plugins/lynked-loyalty/build/index.css
  • /wp-content/plugins/lynked-loyalty/build/index.js
Version Parameters
  • lynked-admin-style?ver=
  • lynked-admin-script?ver=
  • lynked-style?ver=
  • lynked-script?ver=

HTML / DOM Fingerprints

CSS Classes
lynkedloyalty
Data Attributes
data-login-page
JS Globals
wpApiSettings
REST Endpoints
  • /wp-json/lynked/lynked-plugin-settings-save
  • /wp-json/lynked/lynked-plugin-settings-get
Shortcode Output
<div id="lynked-store"