Reward Points for Woocommerce Security & Risk Analysis

wordpress.org/plugins/reward-points-for-woocommerce

A plugin that lets customers earn reward points based on the products they purchase or the money they spend.

50 active installs · v4.6.0 · PHP + · WP 4.0+ · Updated Aug 1, 2023
Tags: phoeniixx, points, reward-points, woocommerce, woocommerce-reward
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Reward Points for Woocommerce Safe to Use in 2026?

Generally Safe

Score 85/100

Reward Points for Woocommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2yr ago
Risk Assessment

The "reward-points-for-woocommerce" v4.6.0 plugin presents a mixed security posture. While it has no recorded vulnerabilities in its history, indicating a generally stable past, the static analysis reveals significant concerns that warrant attention. The plugin exposes two AJAX endpoints, both of which lack proper authentication checks. This is a critical weakness, as it allows any unauthenticated user to potentially interact with these sensitive functions, leading to unintended actions or data manipulation. Furthermore, the presence of "unserialize" as a dangerous function, combined with a high percentage of unsanitized paths in taint analysis, raises red flags for potential remote code execution or deserialization vulnerabilities if user-controlled data is passed to "unserialize" without sufficient validation. The low percentage of properly escaped output also suggests a risk of cross-site scripting (XSS) vulnerabilities.

Key Concerns

  • AJAX handlers without auth checks
  • Dangerous function unserialize detected
  • High percentage of unsanitized taint paths
  • Low percentage of properly escaped output
Vulnerabilities
None known

Reward Points for Woocommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Reward Points for Woocommerce Code Analysis

Dangerous Functions: 11
Raw SQL Queries: 1 (3 prepared)
Unescaped Output: 147 (93 escaped)
Nonce Checks: 5
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Dangerous Functions Found

Function | Code | Location
unserialize | $phoen_rewts_order_point_mail_heading_color = unserialize (HEADING_COLOR); | admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:5
unserialize | $phoen_rewts_order_point_mail_heading = unserialize (ORDER_HEADING); | admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:6
unserialize | $phoen_rewts_order_point_mail_message = unserialize (ORDER_MESSAGE); | admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:7
unserialize | $order_id = unserialize (ORDER_ID); | admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:9
unserialize | $user_id = unserialize (USER_ID); | admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:10
unserialize | $phoen_current_dates_update = unserialize (ORDER_DATE); | admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:11
unserialize | $bill_price = unserialize (ORDER_AMOUNT); | admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:12
unserialize | $total_earn_point = unserialize (TOTAL_EARN_POINT); | admin\phoen-reward-backend\phoen-reward-point-mail\phoen_reward_point_mail.php:13
unserialize | $subject = unserialize (REF_SUBJECT); | admin\phoen-reward-backend\phoen-reward-point-mail\phoen_rewpts_send_ref_code.php:5
unserialize | $message = unserialize (REF_MESSAGE); | admin\phoen-reward-backend\phoen-reward-point-mail\phoen_rewpts_send_ref_code.php:6
unserialize | $ref_code = unserialize (REF_CODE); | admin\phoen-reward-backend\phoen-reward-point-mail\phoen_rewpts_send_ref_code.php:7

SQL Query Safety

75% prepared · 4 total queries

Output Escaping

39% escaped · 240 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

9 flows · 6 with unsanitized paths
column_add_reward (admin\phoen-reward-backend\customer-reports\phoen_all_user_wp_list_table.php:141)
Attack Surface
2 unprotected

Reward Points for Woocommerce Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

Access | Hook | Location
auth | wp_ajax_phoe_referral_code_completed | admin\class-phoen-rewpts-admin.php:55
nopriv | wp_ajax_phoe_referral_code_completed | admin\class-phoen-rewpts-admin.php:57

WordPress Hooks: 36

Type | Hook | Location
action | plugins_loaded | includes\class-phoen-rewpts.php:142
action | admin_enqueue_scripts | includes\class-phoen-rewpts.php:157
action | admin_enqueue_scripts | includes\class-phoen-rewpts.php:158
action | admin_menu | includes\class-phoen-rewpts.php:159
action | show_user_profile | includes\class-phoen-rewpts.php:161
action | edit_user_profile | includes\class-phoen-rewpts.php:162
action | personal_options_update | includes\class-phoen-rewpts.php:163
action | edit_user_profile_update | includes\class-phoen-rewpts.php:164
action | wp_enqueue_scripts | includes\class-phoen-rewpts.php:183
action | wp_enqueue_scripts | includes\class-phoen-rewpts.php:185
action | wp_head | includes\class-phoen-rewpts.php:187
action | wp_loaded | includes\class-phoen-rewpts.php:189
action | woocommerce_checkout_order_processed | includes\class-phoen-rewpts.php:191
filter | woocommerce_review_order_before_submit | includes\class-phoen-rewpts.php:193
action | woocommerce_checkout_order_processed | includes\class-phoen-rewpts.php:195
action | woocommerce_edit_account_form | includes\class-phoen-rewpts.php:197
action | woocommerce_save_account_details | includes\class-phoen-rewpts.php:199
action | init | public\class-phoen-rewpts-public.php:81
filter | woocommerce_account_orders_columns | public\class-phoen-rewpts-public.php:85
action | woocommerce_my_account_my_orders_column_custom-column | public\class-phoen-rewpts-public.php:86
action | woocommerce_after_cart_table | public\phoen-reward-frontend\phoen_cart_page_class.php:13
action | woocommerce_before_cart_table | public\phoen-reward-frontend\phoen_cart_page_class.php:13
action | woocommerce_before_cart | public\phoen-reward-frontend\phoen_cart_page_class.php:17
action | woocommerce_before_checkout_form | public\phoen-reward-frontend\phoen_checkout_page_class.php:11
action | woocommerce_before_checkout_form | public\phoen-reward-frontend\phoen_checkout_page_class.php:15
action | init | public\phoen-reward-frontend\phoen_customer_point_class.php:12
filter | query_vars | public\phoen-reward-frontend\phoen_customer_point_class.php:13
action | woocommerce_account_reward-point_endpoint | public\phoen-reward-frontend\phoen_customer_point_class.php:14
filter | woocommerce_account_menu_items | public\phoen-reward-frontend\phoen_customer_point_class.php:15
filter | woocommerce_account_menu_items | public\phoen-reward-frontend\phoen_customer_point_class.php:19
action | wp_loaded | public\phoen-reward-frontend\phoen_customer_point_class.php:22
action | woocommerce_register_form_start | public\phoen-reward-frontend\phoen_rewpts_login_sign-up.php:5
filter | woocommerce_process_registration_errors | public\phoen-reward-frontend\phoen_rewpts_login_sign-up.php:6
action | woocommerce_created_customer | public\phoen-reward-frontend\phoen_rewpts_login_sign-up.php:8
action | woocommerce_after_add_to_cart_button | public\phoen-reward-frontend\phoen_single_product_class.php:10
action | woocommerce_before_add_to_cart_button | public\phoen-reward-frontend\phoen_single_product_class.php:12
Maintenance & Trust

Reward Points for Woocommerce Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.2.9
Last updated: Aug 1, 2023
PHP min version
Downloads: 34K

Community Trust

Rating: 72/100
Number of ratings: 28
Active installs: 50
Developer Profile

Reward Points for Woocommerce Developer Profile

Phoeniixx

25 plugins · 5K total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Reward Points for Woocommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/reward-points-for-woocommerce/css/phoen-rewpts-admin.css
/wp-content/plugins/reward-points-for-woocommerce/css/phoen_rewpts_backend.css
/wp-content/plugins/reward-points-for-woocommerce/js/phoen-rewpts-admin.js
/wp-content/plugins/reward-points-for-woocommerce/js/pagination.js
Script Paths
js/phoen-rewpts-admin.js
js/pagination.js
Version Parameters
reward-points-for-woocommerce/css/phoen-rewpts-admin.css?ver=
reward-points-for-woocommerce/css/phoen_rewpts_backend.css?ver=
reward-points-for-woocommerce/js/phoen-rewpts-admin.js?ver=
reward-points-for-woocommerce/js/pagination.js?ver=

HTML / DOM Fingerprints

CSS Classes
woo-nav-tab-wrapper
FAQ

Frequently Asked Questions about Reward Points for Woocommerce