Does TWISM for WooCommerce have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is TWISM for WooCommerce compatible with WordPress 6.6.5?

According to WordPress.org data, TWISM for WooCommerce 1.5.2 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is TWISM for WooCommerce compatible with PHP 8.0.2+?

TWISM for WooCommerce requires PHP 8.0.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is TWISM for WooCommerce updated?

TWISM for WooCommerce was last updated on Nov 20, 2024. Frequent updates are generally a positive security signal.

What is TWISM for WooCommerce's security score?

TWISM for WooCommerce has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

TWISM for WooCommerce Security & Risk Analysis

wordpress.org/plugins/twism

Repeat sales for online or physical businesses

0 active installs v1.5.2 PHP 8.0.2+ WP 4.7+ Updated Nov 20, 2024

businessesloyaltyrewardssaleswoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is TWISM for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

TWISM for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The 'twism' plugin v1.5.2 exhibits a concerning security posture due to its exposed entry points. While the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping all output, the presence of two REST API routes that lack permission callbacks is a significant security risk. This directly contributes to an unprotected attack surface of 2 entry points, meaning unauthenticated users could potentially interact with these routes, leading to unintended consequences or information leakage. The absence of any recorded vulnerabilities in its history is a positive indicator, suggesting a lack of previously discovered security flaws or a history of prompt patching. However, this does not mitigate the immediate risks identified in the static analysis. The plugin's strengths lie in its secure handling of database operations and output, but these are overshadowed by the critical vulnerability of unprotected API routes.

Key Concerns

REST API routes without permission callbacks
Large attack surface without authentication

Vulnerabilities

None known

TWISM for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

TWISM for WooCommerce Release Timeline

v1.5.1

v1.5.0

v1.1.0

v1.0.0

Code Analysis

Analyzed Mar 17, 2026

TWISM for WooCommerce Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Guzzle

Output Escaping

100% escaped6 total outputs

Attack Surface

2 unprotected

TWISM for WooCommerce Attack Surface

Entry Points2

Unprotected2

REST API Routes 2

POST/wp-json/twism/v1/secrettwism.php:278

GET/wp-json/twism/v1/locationtwism.php:287

WordPress Hooks 7

filtersafe_style_csstwism.php:203

filtersafe_style_csstwism.php:231

actionwp_enqueue_scriptstwism.php:298

actionactivated_plugintwism.php:299

actiondeactivated_plugintwism.php:300

actionadmin_menutwism.php:301

actionrest_api_inittwism.php:302

Maintenance & Trust

TWISM for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedNov 20, 2024

PHP min version8.0.2

Downloads2K

Community Trust

Rating100/100

Number of ratings1

Active installs0

Alternatives

TWISM for WooCommerce Alternatives

Easy Loyalty Points and Rewards for WooCommerce

easy-loyalty-points-and-rewards-for-woocommerce

A lightweight, easy to use customer loyalty system for WooCommerce.

300 No CVEs

Simple Points and Rewards for WooCommerce – Create a Loyalty Program

simple-points-and-rewards

100

WooCommerce Points and Rewards plugin. Create a simple but powerful loyalty program. Reward purchases, referrals, and much more.

200 No CVEs

RewardsWP – Loyalty Points & Referral Program for WooCommerce

rewardswp

Turn customers into brand advocates with loyalty points and referral programs for WooCommerce and Easy Digital Downloads.

100 1 CVE

XT Points & Rewards for WooCommerce

xt-woo-points-rewards

100

Points and Rewards for WooCommerce that lets you reward your customers for purchases and other actions with points that can be redeemed for discounts.

80 No CVEs

HostPlugin – WooCommerce Points & Rewards

hostplugin-woocommerce-points-and-rewards

Reward your loyal customers for purchases and other actions using points which can be redeemed for discounts on future purchase.

50 No CVEs

Developer Profile

TWISM for WooCommerce Developer Profile

twismwp

1 plugin · 0 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect TWISM for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/twism/build/index.js

Script Paths

https://assets.twism.com/widget/build/bundle.js

HTML / DOM Fingerprints

Data Attributes

data-twism-user-iddata-twism-user-emaildata-twism-order-id

JS Globals

twism_data

FAQ