Does Reward Points for Woocommerce have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Reward Points for Woocommerce compatible with WordPress 6.2.9?

According to WordPress.org data, Reward Points for Woocommerce 4.6.0 has been tested up to WordPress 6.2.9. Check the plugin's changelog for the latest compatibility information.

How often is Reward Points for Woocommerce updated?

Reward Points for Woocommerce was last updated on Aug 1, 2023. Frequent updates are generally a positive security signal.

What is Reward Points for Woocommerce's security score?

Reward Points for Woocommerce has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Reward Points for Woocommerce Security & Risk Analysis

wordpress.org/plugins/reward-points-for-woocommerce

It is a plugin which provides the customers to get the reward points on the basis of the purchase of the products or the money spent by them.

50 active installs v4.6.0 PHP + WP 4.0+ Updated Aug 1, 2023

phoeniixxpointsreward-pointswoocommercewoocommerce-reward

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Reward Points for Woocommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Reward Points for Woocommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The "reward-points-for-woocommerce" v4.6.0 plugin presents a mixed security posture. While it has no recorded vulnerabilities in its history, indicating a generally stable past, the static analysis reveals significant concerns that warrant attention. The plugin exposes two AJAX endpoints, both of which lack proper authentication checks. This is a critical weakness, as it allows any unauthenticated user to potentially interact with these sensitive functions, leading to unintended actions or data manipulation. Furthermore, the presence of "unserialize" as a dangerous function, combined with a high percentage of unsanitized paths in taint analysis, raises red flags for potential remote code execution or deserialization vulnerabilities if user-controlled data is passed to "unserialize" without sufficient validation. The low percentage of properly escaped output also suggests a risk of cross-site scripting (XSS) vulnerabilities.

Key Concerns

AJAX handlers without auth checks
Dangerous function unserialize detected
High percentage of unsanitized taint paths
Low percentage of properly escaped output

Vulnerabilities

None known

Reward Points for Woocommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Reward Points for Woocommerce Release Timeline

v4.6

v4.5

v4.4

v4.3

v4.2

v4.1

v4.0

v3.4

v3.3

v3.2

v3.1

v3.0

v2.4

v2.3

v2.2

v2.1

v2.0

v1.9

v1.8

v1.7

Code Analysis

Analyzed Mar 16, 2026

Reward Points for Woocommerce Code Analysis

Dangerous Functions

Raw SQL Queries

3 prepared

Unescaped Output

147

93 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

unserialize$phoen_rewts_order_point_mail_heading_color = unserialize (HEADING_COLOR);admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:5

unserialize$phoen_rewts_order_point_mail_heading = unserialize (ORDER_HEADING);admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:6

unserialize$phoen_rewts_order_point_mail_message = unserialize (ORDER_MESSAGE);admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:7

unserialize$order_id = unserialize (ORDER_ID);admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:9

unserialize$user_id = unserialize (USER_ID);admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:10

unserialize$phoen_current_dates_update = unserialize (ORDER_DATE);admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:11

unserialize$bill_price = unserialize (ORDER_AMOUNT);admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:12

unserialize$total_earn_point = unserialize (TOTAL_EARN_POINT);admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:13

unserialize$subject = unserialize (REF_SUBJECT);admin\phoen-reward-backend\phoen-reward-point-mail\phoen_rewpts_send_ref_code.php:5

unserialize$message = unserialize (REF_MESSAGE);admin\phoen-reward-backend\phoen-reward-point-mail\phoen_rewpts_send_ref_code.php:6

unserialize$ref_code = unserialize (REF_CODE);admin\phoen-reward-backend\phoen-reward-point-mail\phoen_rewpts_send_ref_code.php:7

SQL Query Safety

75% prepared4 total queries

Output Escaping

39% escaped240 total outputs

Data Flows · Security

6 unsanitized

Data Flow Analysis

9 flows6 with unsanitized paths

column_add_reward (admin\phoen-reward-backend\customer-reports\phoen_all_user_wp_list_table.php:141)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Reward Points for Woocommerce Attack Surface

Entry Points2

Unprotected2

AJAX Handlers 2

authwp_ajax_phoe_referral_code_completedadmin\class-phoen-rewpts-admin.php:55

noprivwp_ajax_phoe_referral_code_completedadmin\class-phoen-rewpts-admin.php:57

WordPress Hooks 36

actionplugins_loadedincludes\class-phoen-rewpts.php:142

actionadmin_enqueue_scriptsincludes\class-phoen-rewpts.php:157

actionadmin_enqueue_scriptsincludes\class-phoen-rewpts.php:158

actionadmin_menuincludes\class-phoen-rewpts.php:159

actionshow_user_profileincludes\class-phoen-rewpts.php:161

actionedit_user_profileincludes\class-phoen-rewpts.php:162

actionpersonal_options_updateincludes\class-phoen-rewpts.php:163

actionedit_user_profile_updateincludes\class-phoen-rewpts.php:164

actionwp_enqueue_scriptsincludes\class-phoen-rewpts.php:183

actionwp_enqueue_scriptsincludes\class-phoen-rewpts.php:185

actionwp_headincludes\class-phoen-rewpts.php:187

actionwp_loadedincludes\class-phoen-rewpts.php:189

actionwoocommerce_checkout_order_processedincludes\class-phoen-rewpts.php:191

filterwoocommerce_review_order_before_submitincludes\class-phoen-rewpts.php:193

actionwoocommerce_checkout_order_processedincludes\class-phoen-rewpts.php:195

actionwoocommerce_edit_account_formincludes\class-phoen-rewpts.php:197

actionwoocommerce_save_account_detailsincludes\class-phoen-rewpts.php:199

actioninitpublic\class-phoen-rewpts-public.php:81

filterwoocommerce_account_orders_columnspublic\class-phoen-rewpts-public.php:85

actionwoocommerce_my_account_my_orders_column_custom-columnpublic\class-phoen-rewpts-public.php:86

actionwoocommerce_after_cart_tablepublic\phoen-reward-frontend\phoen_cart_page_class.php:13

actionwoocommerce_before_cart_tablepublic\phoen-reward-frontend\phoen_cart_page_class.php:13

actionwoocommerce_before_cartpublic\phoen-reward-frontend\phoen_cart_page_class.php:17

actionwoocommerce_before_checkout_formpublic\phoen-reward-frontend\phoen_checkout_page_class.php:11

actionwoocommerce_before_checkout_formpublic\phoen-reward-frontend\phoen_checkout_page_class.php:15

actioninitpublic\phoen-reward-frontend\phoen_customer_point_class.php:12

filterquery_varspublic\phoen-reward-frontend\phoen_customer_point_class.php:13

actionwoocommerce_account_reward-point_endpointpublic\phoen-reward-frontend\phoen_customer_point_class.php:14

filterwoocommerce_account_menu_itemspublic\phoen-reward-frontend\phoen_customer_point_class.php:15

filterwoocommerce_account_menu_itemspublic\phoen-reward-frontend\phoen_customer_point_class.php:19

actionwp_loadedpublic\phoen-reward-frontend\phoen_customer_point_class.php:22

actionwoocommerce_register_form_startpublic\phoen-reward-frontend\phoen_rewpts_login_sign-up.php:5

filterwoocommerce_process_registration_errorspublic\phoen-reward-frontend\phoen_rewpts_login_sign-up.php:6

actionwoocommerce_created_customerpublic\phoen-reward-frontend\phoen_rewpts_login_sign-up.php:8

actionwoocommerce_after_add_to_cart_buttonpublic\phoen-reward-frontend\phoen_single_product_class.php:10

actionwoocommerce_before_add_to_cart_buttonpublic\phoen-reward-frontend\phoen_single_product_class.php:12

Maintenance & Trust

Reward Points for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.2.9

Last updatedAug 1, 2023

PHP min version

Downloads34K

Community Trust

Rating72/100

Number of ratings28

Active installs50

Alternatives

Reward Points for Woocommerce Alternatives

Simple Points and Rewards for WooCommerce – Create a Loyalty Program

simple-points-and-rewards

100

WooCommerce Points and Rewards plugin. Create a simple but powerful loyalty program. Reward purchases, referrals, and much more.

200 No CVEs

Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program)

loyaltyx-points-and-rewards-for-woocommerce

100

A lightweight WooCommerce points and rewards plugin to run a loyalty program where customers earn points on purchases and redeem them for discounts.

10 No CVEs

Loyalty Points and Rewards for Square

loyalty-points-and-rewards-for-square

100

Add a Square loyalty program to WooCommerce store. Enable customers to earn and track reward points automatically with Square loyalty integration.

0 No CVEs

Qe Reward Points for WooCommerce

qe-reward-points-for-woocommerce

100

A powerful loyalty system for WooCommerce that allows customers to earn and redeem reward points.

0 No CVEs

Reward Points for wc-marketplace

reward-points-for-wc-marketplace

Reward points for wc-marketplace is used to add reward point system to your woocommerce store in which your store has multiple vendors.

0 No CVEs

Developer Profile

Reward Points for Woocommerce Developer Profile

Phoeniixx

25 plugins · 5K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Reward Points for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/reward-points-for-woocommerce/css/phoen-rewpts-admin.css/wp-content/plugins/reward-points-for-woocommerce/css/phoen_rewpts_backend.css/wp-content/plugins/reward-points-for-woocommerce/js/phoen-rewpts-admin.js/wp-content/plugins/reward-points-for-woocommerce/js/pagination.js

Script Paths

js/phoen-rewpts-admin.jsjs/pagination.js

Version Parameters

reward-points-for-woocommerce/css/phoen-rewpts-admin.css?ver=reward-points-for-woocommerce/css/phoen_rewpts_backend.css?ver=reward-points-for-woocommerce/js/phoen-rewpts-admin.js?ver=reward-points-for-woocommerce/js/pagination.js?ver=

HTML / DOM Fingerprints

CSS Classes

woo-nav-tab-wrapper

FAQ

Reward Points for Woocommerce Security & Risk Analysis

Is Reward Points for Woocommerce Safe to Use in 2026?

Generally Safe

Key Concerns

Reward Points for Woocommerce Security Vulnerabilities

Reward Points for Woocommerce Release Timeline

Reward Points for Woocommerce Code Analysis

Dangerous Functions Found

SQL Query Safety

Output Escaping

Data Flow Analysis

Reward Points for Woocommerce Attack Surface

AJAX Handlers 2

Reward Points for Woocommerce Maintenance & Trust

Maintenance Signals

Community Trust

Reward Points for Woocommerce Alternatives

Simple Points and Rewards for WooCommerce – Create a Loyalty Program

Points and Rewards for WooCommerce – LoyaltyX (Referral, Gamification & Loyalty Program)

Loyalty Points and Rewards for Square

Qe Reward Points for WooCommerce

Reward Points for wc-marketplace

Reward Points for Woocommerce Developer Profile

How We Detect Reward Points for Woocommerce

Asset Fingerprints

HTML / DOM Fingerprints

Frequently Asked Questions about Reward Points for Woocommerce