Simple Points and Rewards for WooCommerce – Create a Loyalty Program Security & Risk Analysis

wordpress.org/plugins/simple-points-and-rewards

WooCommerce Points and Rewards plugin. Create a simple but powerful loyalty program. Reward purchases, referrals, and much more.

200 active installs · v1.10.1 · PHP 7.4+ · WP 6.0+ · Updated Mar 20, 2026
Tags: loyalty, points-and-rewards, reward-points, woocommerce, woocommerce-rewards
Score 100 · A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Simple Points and Rewards for WooCommerce – Create a Loyalty Program Safe to Use in 2026?

Generally Safe

Score 100/100

Simple Points and Rewards for WooCommerce – Create a Loyalty Program has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 1mo ago
Risk Assessment

The "simple-points-and-rewards" plugin v1.10.0 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries, a high percentage of properly escaped output, and a robust number of nonce and capability checks. The absence of known vulnerabilities and dangerous functions in its history is also a significant strength. However, a notable concern arises from the static analysis revealing 30 AJAX handlers, with one handler lacking authentication checks. Furthermore, the taint analysis identified 6 high-severity flows with unsanitized paths, which could potentially be exploited if an attacker can control the input to these flows. While the vulnerability history is clean, the presence of these specific code signals warrants attention. The plugin's overall security is reasonably good due to strong SQL and output handling, but the unprotected AJAX handler and high-severity unsanitized taint flows represent the primary areas of risk.

Key Concerns

  • Unprotected AJAX handler
  • High severity unsanitized taint flows
Vulnerabilities
None known

Simple Points and Rewards for WooCommerce – Create a Loyalty Program Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

Simple Points and Rewards for WooCommerce – Create a Loyalty Program Release Timeline

v1.10.1 (Current)
v1.10.0
v1.9.0
v1.8.0
v1.7.2
v1.7.1
v1.7.0
v1.6.0
v1.5.0
v1.4.0
v1.3.1
v1.3.0
v1.2.1
v1.2.0
v1.1.2
v1.1.1
v1.1.0
v1.0.0
Code Analysis
Analyzed Mar 16, 2026

Simple Points and Rewards for WooCommerce – Create a Loyalty Program Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (91 prepared)
Unescaped Output: 99 (1681 escaped)
Nonce Checks: 48
Capability Checks: 35
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

100% prepared · 91 total queries

Output Escaping

94% escaped · 1780 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

15 flows · 6 with unsanitized paths
spar_referrals_admin_page (includes\admin\pages\referrals-page.php:7)
Attack Surface
1 unprotected

Simple Points and Rewards for WooCommerce – Create a Loyalty Program Attack Surface

Entry Points: 35
Unprotected: 1

AJAX Handlers 30

auth wp_ajax_spar_get_cart_rewards_data includes\frontend\cart-checkout.php:2230
auth wp_ajax_spar_get_rewards_header includes\frontend\cart-checkout.php:2323
nopriv wp_ajax_spar_get_rewards_header includes\frontend\cart-checkout.php:2324
auth wp_ajax_spar_get_rewards_box includes\frontend\cart-checkout.php:2348
nopriv wp_ajax_spar_get_rewards_box includes\frontend\cart-checkout.php:2349
auth wp_ajax_spar_redeem_reward_cart includes\frontend\cart-checkout.php:2372
auth wp_ajax_spar_update_customer_points includes\functions-admin.php:1222
auth wp_ajax_spar_update_user_status includes\functions-admin.php:1224
auth wp_ajax_spar_load_points_history includes\functions-admin.php:1226
auth wp_ajax_spar_load_referral_clicks includes\functions-admin.php:1228
auth wp_ajax_spar_admin_load_points_history includes\functions-admin.php:1229
auth wp_ajax_spar_admin_load_referral_clicks includes\functions-admin.php:1230
auth wp_ajax_spar_admin_load_customer_orders includes\functions-admin.php:1231
auth wp_ajax_spar_search_products includes\functions-admin.php:1233
auth wp_ajax_spar_generate_rewards_page includes\functions-admin.php:1530
auth wp_ajax_spar_get_page_link includes\functions-admin.php:1555
auth wp_ajax_spar_get_coupon_edit_link includes\functions-admin.php:1588
auth wp_ajax_spar_create_template_coupon includes\functions-admin.php:1592
auth wp_ajax_spar_save_custom_potential_points includes\functions-admin.php:1645
auth wp_ajax_spar_award_order_points_admin includes\functions-admin.php:1670
auth wp_ajax_spar_generate_terms includes\functions-admin.php:2306
auth wp_ajax_spar_save_settings_ajax includes\functions-admin.php:2544
auth wp_ajax_spar_preview_email includes\functions-email.php:433
auth wp_ajax_spar_apply_voucher_to_cart includes\functions-redeem-action.php:125
nopriv wp_ajax_spar_apply_voucher_to_cart includes\functions-redeem-action.php:126
auth wp_ajax_spar_apply_points_redemption includes\functions-redeem-action.php:457
auth wp_ajax_spar_remove_points_redemption includes\functions-redeem-action.php:556
auth wp_ajax_spar_generate_referral_coupon includes\links\functions-referral-links.php:150
auth wp_ajax_spar_check_referral_coupon includes\links\functions-referral-links.php:162
auth wp_ajax_spar_migration_process_batch includes\migration\migration.php:435

Shortcodes 5

[simple_points_rewards] includes\functions-shortcodes.php:254
[spar_points_rewards] includes\functions-shortcodes.php:260
[spar_redeem_discount_compact] includes\functions-shortcodes.php:276
[spar_checkout_rewards_box] includes\functions-shortcodes.php:300
[spar_redeem_discount_tool] includes\functions-shortcodes.php:318
WordPress Hooks 78
action spar_after_points_update includes\admin\functions-analytics.php:183
action spar_points_added includes\admin\functions-analytics.php:184
action spar_points_removed includes\admin\functions-analytics.php:185
action admin_enqueue_scripts includes\admin\pages\customer-detail-page.php:623
action wp_loaded includes\admin\pages\settings-page.php:603
action admin_enqueue_scripts includes\admin\settings\settings-utilities.php:1077
action admin_enqueue_scripts includes\admin\tables\customer-points-table.php:650
action admin_enqueue_scripts includes\admin\tables\customer-points-table.php:701
action woocommerce_before_checkout_form includes\frontend\cart-checkout.php:10
action woocommerce_before_cart_totals includes\frontend\cart-checkout.php:12
action wp_enqueue_scripts includes\frontend\cart-checkout.php:14
action woocommerce_blocks_checkout_block_registration includes\frontend\cart-checkout.php:16
action woocommerce_blocks_enqueue_checkout_block_scripts_after includes\frontend\cart-checkout.php:17
filter the_content includes\frontend\cart-checkout.php:19
filter the_content includes\frontend\cart-checkout.php:21
action woocommerce_thankyou includes\frontend\cart-checkout.php:23
action woocommerce_cart_totals_before_order_total includes\frontend\cart-checkout.php:99
action spar_show_redeem_discount_compact includes\frontend\cart-checkout.php:130
filter woocommerce_cart_totals_fee_html includes\frontend\cart-checkout.php:474
action admin_menu includes\functions-admin.php:29
action admin_enqueue_scripts includes\functions-admin.php:139
action wp_enqueue_scripts includes\functions-admin.php:141
action admin_init includes\functions-admin.php:143
action show_user_profile includes\functions-admin.php:844
action edit_user_profile includes\functions-admin.php:845
action personal_options_update includes\functions-admin.php:939
action edit_user_profile_update includes\functions-admin.php:940
action add_meta_boxes includes\functions-admin.php:972
action admin_enqueue_scripts includes\functions-admin.php:1220
action woocommerce_process_shop_order_meta includes\functions-admin.php:1627
action init includes\functions-core.php:12
action admin_init includes\functions-core.php:531
action pre_get_posts includes\functions-coupons.php:5
filter posts_where includes\functions-coupons.php:10
action spar_points_added includes\functions-email.php:92
action spar_voucher_claimed includes\functions-email.php:221
action spar_user_level_changed includes\functions-email.php:330
action wp_mail_failed includes\functions-email.php:420
action init includes\functions-gift-redeem.php:12
action init includes\functions-gift-redeem.php:45
action wp_enqueue_scripts includes\functions-gift-redeem.php:307
filter woocommerce_account_menu_items includes\functions-myaccount.php:13
action woocommerce_account_rewards_endpoint includes\functions-myaccount.php:64
action user_register includes\functions-points.php:380
action template_redirect includes\functions-points.php:395
action woocommerce_thankyou includes\functions-points.php:420
action woocommerce_order_status_completed includes\functions-points.php:421
action init includes\functions-points.php:422
action woocommerce_order_status_refunded includes\functions-points.php:566
action woocommerce_order_status_cancelled includes\functions-points.php:567
action woocommerce_order_status_failed includes\functions-points.php:568
action woocommerce_order_refunded includes\functions-points.php:570
action woocommerce_order_fully_refunded includes\functions-points.php:571
action wp_loaded includes\functions-redeem-action.php:9
action template_redirect includes\functions-redeem-action.php:70
action woocommerce_add_to_cart includes\functions-redeem-action.php:297
action woocommerce_cart_loaded_from_session includes\functions-redeem-action.php:298
action woocommerce_cart_calculate_fees includes\functions-redeem-action.php:450
action woocommerce_checkout_order_created includes\functions-redeem-action.php:653
action woocommerce_checkout_order_processed includes\functions-redeem-action.php:662
action woocommerce_thankyou includes\functions-redeem-action.php:671
action woocommerce_order_status_cancelled includes\functions-redeem-action.php:688
action woocommerce_order_status_failed includes\functions-redeem-action.php:689
action woocommerce_order_refunded includes\functions-redeem-action.php:690
action woocommerce_order_fully_refunded includes\functions-redeem-action.php:691
action wp_enqueue_scripts includes\integrations\funnelkit\funnelkit-side-cart.php:163
action wp_enqueue_scripts includes\links\functions-referral-links.php:187
action init includes\links\functions-referral-tracking.php:12
action woocommerce_thankyou includes\links\functions-referral-tracking.php:136
action woocommerce_order_status_completed includes\links\functions-referral-tracking.php:277
action woocommerce_order_status_processing includes\links\functions-referral-tracking.php:278
action woocommerce_order_status_refunded includes\links\functions-referral-tracking.php:378
action woocommerce_order_status_cancelled includes\links\functions-referral-tracking.php:379
action woocommerce_order_status_failed includes\links\functions-referral-tracking.php:380
action woocommerce_order_refunded includes\links\functions-referral-tracking.php:382
action woocommerce_order_fully_refunded includes\links\functions-referral-tracking.php:388
action admin_menu includes\migration\migration.php:191
action before_woocommerce_init simple-points-and-rewards.php:116
Maintenance & Trust

Simple Points and Rewards for WooCommerce – Create a Loyalty Program Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 20, 2026
PHP min version: 7.4
Downloads: 2K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 200
Developer Profile

Simple Points and Rewards for WooCommerce – Create a Loyalty Program Developer Profile

Elliot Sowersby / RelyWP

8 plugins · 146K total installs

Trust score: 77
Avg Security Score: 97/100
Avg Patch Time: 206 days
Detection Fingerprints

How We Detect Simple Points and Rewards for WooCommerce – Create a Loyalty Program

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-points-and-rewards/assets/css/admin-style.css
/wp-content/plugins/simple-points-and-rewards/assets/js/admin-script.js
/wp-content/plugins/simple-points-and-rewards/assets/js/frontend-script.js
/wp-content/plugins/simple-points-and-rewards/assets/css/frontend-style.css
/wp-content/plugins/simple-points-and-rewards/assets/css/myaccount-style.css
/wp-content/plugins/simple-points-and-rewards/assets/js/myaccount-script.js
Script Paths
/wp-content/plugins/simple-points-and-rewards/assets/js/admin-script.js
/wp-content/plugins/simple-points-and-rewards/assets/js/frontend-script.js
/wp-content/plugins/simple-points-and-rewards/assets/js/myaccount-script.js
Version Parameters
simple-points-and-rewards/assets/css/admin-style.css?ver=
simple-points-and-rewards/assets/js/admin-script.js?ver=
simple-points-and-rewards/assets/js/frontend-script.js?ver=
simple-points-and-rewards/assets/css/frontend-style.css?ver=
simple-points-and-rewards/assets/css/myaccount-style.css?ver=
simple-points-and-rewards/assets/js/myaccount-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
spar-points-balance-wrapper
spar-points-log-table
spar-referral-code-wrapper
HTML Comments
Customer detail admin page
Data Attributes
data-user-id
data-nonce
JS Globals
spar_vars
spar_redeem_ajax_object
REST Endpoints
/wp-json/spar/v1/points/redeem
/wp-json/spar/v1/referral/track
/wp-json/spar/v1/referral/offer/apply
Shortcode Output
[spar_points_balance]
[spar_points_log]
[spar_referral_link]
[spar_referral_stats]
FAQ

Frequently Asked Questions about Simple Points and Rewards for WooCommerce – Create a Loyalty Program