Spin Wheel – Interactive spinning wheel that offers coupons Security & Risk Analysis

wordpress.org/plugins/spin-wheel

The Spin Wheel plugin allows you to engage your visitors with an interactive spinning wheel that offers coupons and other rewards.

500 active installs · v2.1.3 · PHP 7.4+ · WP 6.7+ · Updated Mar 10, 2026
Tags: coupon, coupon-wheel, discount, fortune-wheel, lucky-wheel
Score 99 · A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Jan 16, 2026
Safety Verdict

Is Spin Wheel – Interactive spinning wheel that offers coupons Safe to Use in 2026?

Generally Safe

Score 99/100

Spin Wheel – Interactive spinning wheel that offers coupons has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Jan 16, 2026 · Updated 25d ago
Risk Assessment

The 'spin-wheel' plugin v2.1.3 presents a mixed security posture. While it demonstrates good practices in using prepared statements for SQL queries and proper output escaping for the majority of its code, there are notable areas of concern. The presence of 18 AJAX handlers, with two lacking authentication checks, creates a significant attack surface. Furthermore, the taint analysis revealing three high-severity flows with unsanitized paths indicates a risk of potential code injection or other serious vulnerabilities, even though no critical severity flows were found.

The plugin's vulnerability history shows one known medium-severity CVE, which is currently patched. This suggests that while the developers have addressed past issues, the pattern of 'Client-Side Enforcement of Server-Side Security' in its historical vulnerabilities could imply a tendency to rely on user-side checks that might be bypassable. The latest vulnerability was reported in the future, which is likely a data anomaly.

Overall, the 'spin-wheel' plugin has some strengths in its code hygiene regarding SQL and output handling. However, the unprotected AJAX endpoints and the high-severity unsanitized paths identified in the taint analysis are significant security risks that require immediate attention. The past vulnerability type also warrants careful consideration.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized paths in taint analysis
  • Medium severity CVE (historical)
Vulnerabilities: 1

Spin Wheel – Interactive spinning wheel that offers coupons Security Vulnerabilities

CVEs by Year

  • 2026: 1 CVE

Severity Breakdown

  • Medium: 1

1 total CVE

CVE-2026-0808 · medium · 5.3 · Client-Side Enforcement of Server-Side Security

Spin Wheel <= 2.1.0 - Unauthenticated Client-Side Prize Manipulation via 'prize_index' Parameter

Jan 16, 2026 Patched in 2.1.1 (1d)
Code Analysis
Analyzed Mar 16, 2026

Spin Wheel – Interactive spinning wheel that offers coupons Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 6 (33 prepared)
  • Unescaped Output: 104 (587 escaped)
  • Nonce Checks: 15
  • Capability Checks: 15
  • File Operations: 2
  • External Requests: 2
  • Bundled Libraries: 0

SQL Query Safety

85% prepared · 39 total queries

Output Escaping

85% escaped · 691 total outputs

Data Flows: 5 unsanitized

Data Flow Analysis

11 flows · 5 with unsanitized paths
ajax_load_entries_pagination (admin\class-swp-admin-entries.php:384)

Attack Surface: 2 unprotected

Spin Wheel – Interactive spinning wheel that offers coupons Attack Surface

Entry Points: 19
Unprotected: 2

AJAX Handlers 18

  • auth · wp_ajax_sw_admin_api_biggopti_dismiss · admin\class-swp-admin-api-biggopti.php:20
  • auth · wp_ajax_swp_delete_entry · admin\class-swp-admin-entries.php:42
  • auth · wp_ajax_swp_bulk_delete_entries · admin\class-swp-admin-entries.php:43
  • auth · wp_ajax_swp_export_filtered_entries · admin\class-swp-admin-entries.php:44
  • auth · wp_ajax_swp_load_entries_pagination · admin\class-swp-admin-entries.php:45
  • auth · wp_ajax_swp_save_settings · admin\class-swp-admin.php:54
  • auth · wp_ajax_swp_run_cleanup_now · admin\class-swp-admin.php:55
  • auth · wp_ajax_swp_spin_wheel · includes\class-swp-ajax.php:42
  • nopriv · wp_ajax_swp_spin_wheel · includes\class-swp-ajax.php:43
  • auth · wp_ajax_swp_send_otp · includes\class-swp-ajax.php:46
  • nopriv · wp_ajax_swp_send_otp · includes\class-swp-ajax.php:47
  • auth · wp_ajax_swp_verify_otp · includes\class-swp-ajax.php:48
  • nopriv · wp_ajax_swp_verify_otp · includes\class-swp-ajax.php:49
  • auth · wp_ajax_swp_select_winner · includes\class-swp-ajax.php:52
  • auth · wp_ajax_swp_revert_winner · includes\class-swp-ajax.php:53
  • auth · wp_ajax_swp_bulk_select_winners · includes\class-swp-ajax.php:54
  • auth · wp_ajax_swp_export_entries · includes\class-swp-ajax.php:55
  • auth · wp_ajax_swp_get_pages · includes\class-swp-ajax.php:56

Shortcodes 1

[spin_wheel] includes\class-swp-shortcode.php:41

WordPress Hooks 18

  • action · admin_enqueue_scripts · admin\class-swp-admin-api-biggopti.php:22
  • action · admin_menu · admin\class-swp-admin-entries.php:41
  • action · wp_dashboard_setup · admin\class-swp-admin-feeds.php:26
  • action · admin_enqueue_scripts · admin\class-swp-admin-feeds.php:27
  • action · admin_menu · admin\class-swp-admin.php:45
  • action · admin_enqueue_scripts · admin\class-swp-admin.php:46
  • filter · manage_swp_wheel_posts_columns · admin\class-swp-admin.php:47
  • action · manage_swp_wheel_posts_custom_column · admin\class-swp-admin.php:48
  • action · admin_head · admin\class-swp-admin.php:51
  • action · add_meta_boxes · admin\class-swp-metaboxes.php:41
  • action · save_post_swp_wheel · admin\class-swp-metaboxes.php:42
  • action · init · includes\class-swp-blocks.php:41
  • filter · swp_email_content · includes\class-swp-email.php:42
  • action · init · includes\class-swp-post-type.php:41
  • action · wp_head · includes\class-swp-shortcode.php:42
  • action · wp_footer · includes\class-swp-shortcode.php:43
  • action · plugins_loaded · spin-wheel.php:66
  • action · swp_daily_cleanup · spin-wheel.php:71

Scheduled Events 1

swp_daily_cleanup
Maintenance & Trust

Spin Wheel – Interactive spinning wheel that offers coupons Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.9.4
  • Last updated: Mar 10, 2026
  • PHP min version: 7.4
  • Downloads: 13K

Community Trust

  • Rating: 0/100
  • Number of ratings: 0
  • Active installs: 500
Developer Profile

Spin Wheel – Interactive spinning wheel that offers coupons Developer Profile

bdthemes

24 plugins · 251K total installs

  • Trust score: 93
  • Avg Security Score: 98/100
  • Avg Patch Time: 21 days
Detection Fingerprints

How We Detect Spin Wheel – Interactive spinning wheel that offers coupons

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/spin-wheel/assets/css/frontend.css
  • /wp-content/plugins/spin-wheel/assets/css/wheel.css
  • /wp-content/plugins/spin-wheel/assets/js/frontend.js
  • /wp-content/plugins/spin-wheel/assets/js/wheel.js
  • /wp-content/plugins/spin-wheel/assets/js/slick.min.js

Script Paths

  • /wp-content/plugins/spin-wheel/assets/js/wheel.js
  • /wp-content/plugins/spin-wheel/assets/js/frontend.js

Version Parameters

  • spin-wheel/assets/css/frontend.css?ver=
  • spin-wheel/assets/css/wheel.css?ver=
  • spin-wheel/assets/js/frontend.js?ver=
  • spin-wheel/assets/js/wheel.js?ver=
  • spin-wheel/assets/js/slick.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • spin_wheel_wrapper
  • spin_wheel_canvas
  • spin_wheel_winner_popup
  • spin_wheel_win_title
  • spin_wheel_win_prize
  • spin_wheel_win_btn
  • swp_spin_button

Data Attributes

  • data-wheel-id
  • data-wheel-options
  • data-swp-action

JS Globals

  • spinwheel_options
  • spinwheel_frontend_params
  • SWP_AJAX_URL

Shortcode Output

  • [spin_wheel]
  • [spin_wheel_wheel]