Rewardix – Mystery Scratch Coupon for WooCommerce Security & Risk Analysis

wordpress.org/plugins/mystery-scratch-coupon-for-woocommerce

Professional gamified discount system with analytics, tiered rewards, email campaigns, and advanced targeting.

0 active installs · v1.0.0 · PHP 7.4+ · WP 5.0+ · Updated Apr 15, 2026
Tags: coupon, discount, gamification, scratch, woocommerce
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Rewardix – Mystery Scratch Coupon for WooCommerce Safe to Use in 2026?

Generally Safe

Score 100/100

Rewardix – Mystery Scratch Coupon for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "mystery-scratch-coupon-for-woocommerce" plugin v1.0.0 exhibits a mixed security posture. On the positive side, it demonstrates good practices by utilizing prepared statements for all SQL queries and ensuring almost all output is properly escaped. The absence of dangerous functions, file operations, and external HTTP requests is also encouraging. Furthermore, the plugin has no recorded vulnerabilities or CVEs, suggesting a history of relatively secure development.

However, significant concerns arise from the attack surface and taint analysis. Four out of six AJAX handlers lack authentication checks, creating a substantial entry point for unauthorized actions. The taint analysis reveals two flows with unsanitized paths, which may be exploitable even though the taint analysis itself produced no critical or high severity findings. The presence of nonce checks on all AJAX handlers would significantly mitigate the risks associated with the unprotected AJAX endpoints.

In conclusion, while the plugin shows strengths in its handling of SQL and output, the unprotected AJAX endpoints and unsanitized paths represent notable weaknesses. Addressing the unprotected AJAX handlers and further investigating the identified unsanitized taint flows are crucial steps for improving its security.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths
Vulnerabilities
None known

Rewardix – Mystery Scratch Coupon for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Rewardix – Mystery Scratch Coupon for WooCommerce Release Timeline

v1.0.0 · Current
Code Analysis
Analyzed Apr 16, 2026

Rewardix – Mystery Scratch Coupon for WooCommerce Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (20 prepared)
Unescaped Output: 4 (481 escaped)
Nonce Checks: 6
Capability Checks: 7
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

100% prepared · 20 total queries

Output Escaping

99% escaped · 485 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

3 flows · 2 with unsanitized paths
mscw_settings_page (includes/admin-pages.php:467)
Attack Surface
4 unprotected

Rewardix – Mystery Scratch Coupon for WooCommerce Attack Surface

Entry Points: 7
Unprotected: 4

AJAX Handlers 6

auth    wp_ajax_mscw_reveal_reward       includes/class-mscw-init.php:79
nopriv  wp_ajax_mscw_reveal_reward       includes/class-mscw-init.php:80
auth    wp_ajax_mscw_mark_played         includes/class-mscw-init.php:81
nopriv  wp_ajax_mscw_mark_played         includes/class-mscw-init.php:82
auth    wp_ajax_mscw_apply_coupon_ajax   includes/rewards.php:246
nopriv  wp_ajax_mscw_apply_coupon_ajax   includes/rewards.php:247

Shortcodes 1

[mystery_scratch_card] includes/display.php:204
WordPress Hooks 15
action  admin_menu                              includes/class-mscw-init.php:33
action  admin_init                              includes/class-mscw-init.php:34
action  admin_enqueue_scripts                   includes/class-mscw-init.php:35
action  wp_enqueue_scripts                      includes/class-mscw-init.php:50
action  wp_footer                               includes/class-mscw-init.php:56
action  woocommerce_before_checkout_form        includes/class-mscw-init.php:71
filter  woocommerce_coupon_is_valid             includes/class-mscw-init.php:85
filter  woocommerce_coupon_error                includes/class-mscw-init.php:86
action  woocommerce_checkout_update_order_review  includes/class-mscw-init.php:89
action  woocommerce_order_status_completed      includes/class-mscw-init.php:92
action  woocommerce_order_status_processing     includes/class-mscw-init.php:93
action  woocommerce_payment_complete            includes/class-mscw-init.php:94
action  woocommerce_thankyou                    includes/class-mscw-init.php:95
action  mscw_send_follow_up_emails              includes/class-mscw-init.php:102
action  plugins_loaded                          mystery-scratch-coupon-for-woocommerce.php:73

Scheduled Events 1

mscw_send_follow_up_emails
Maintenance & Trust

Rewardix – Mystery Scratch Coupon for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Apr 15, 2026
PHP min version: 7.4
Downloads: 44

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

Rewardix – Mystery Scratch Coupon for WooCommerce Developer Profile

Naked Cat Plugins

17 plugins · 12K total installs

Trust score: 99
Avg Security Score: 98/100
Avg Patch Time: 5 days
Detection Fingerprints

How We Detect Rewardix – Mystery Scratch Coupon for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/mystery-scratch-coupon-for-woocommerce/assets/mscw-style.css
/wp-content/plugins/mystery-scratch-coupon-for-woocommerce/assets/mscw-script.js
/wp-content/plugins/mystery-scratch-coupon-for-woocommerce/assets/admin/mscw-admin.css
/wp-content/plugins/mystery-scratch-coupon-for-woocommerce/assets/admin/chart.min.js
/wp-content/plugins/mystery-scratch-coupon-for-woocommerce/assets/admin/mscw-admin.js
Script Paths
wp-content/plugins/mystery-scratch-coupon-for-woocommerce/assets/mscw-script.js
wp-content/plugins/mystery-scratch-coupon-for-woocommerce/assets/admin/mscw-admin.js
Version Parameters
mystery-scratch-coupon-for-woocommerce/assets/mscw-style.css?ver=
mystery-scratch-coupon-for-woocommerce/assets/mscw-script.js?ver=
mystery-scratch-coupon-for-woocommerce/assets/admin/mscw-admin.css?ver=
mystery-scratch-coupon-for-woocommerce/assets/admin/chart.min.js?ver=
mystery-scratch-coupon-for-woocommerce/assets/admin/mscw-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
mscw-scratch-coupon
Data Attributes
data-mscw-promo-id
JS Globals
mscw_ajax
mscw_admin_ajax
mscwCopyCoupon
Shortcode Output
[mystery_scratch_coupon]