WP-Safety

MyRewards Security & Risk Analysis

wordpress.org/plugins/woorewards

Free top-rated points and rewards program to retain your customers, grow your sales and get new customers.

3K active installs v5.7.3 PHP 7.3.0+ WP 5.3+ Updated Mar 9, 2026
couponsloyaltypointsreferralsrewards
98
A · Safe
CVEs total2
Unpatched0
Last CVEFeb 3, 2026
Plugin page Download
Safety Verdict

Is MyRewards Safe to Use in 2026?

Generally Safe

Score 98/100

MyRewards has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Feb 3, 2026Updated 25d ago
Risk Assessment

The "woorewards" plugin v5.7.3 exhibits a mixed security posture. While it demonstrates good practices such as a high percentage of prepared SQL statements and properly escaped output, there are significant concerns. The presence of the `unserialize` function, especially without explicitly mentioned nonce or capability checks on all potential usage points, raises a red flag for potential deserialization vulnerabilities. Furthermore, the taint analysis revealing 6 out of 7 flows with unsanitized paths, including 3 high-severity flows, indicates potential risks of data manipulation or code execution if these paths are exposed to user input without proper sanitization. The vulnerability history, showing two medium-severity CVEs in the past, both related to missing authorization, suggests a recurring pattern of authorization flaws. While there are currently no unpatched vulnerabilities, this history warrants caution, especially in conjunction with the code signals.

Key Concerns

  • Dangerous function unserialize used
  • High severity taint flow found
  • Unsanitized paths in taint analysis
  • No nonce checks detected
  • Medium severity CVEs in history
Vulnerabilities
2

MyRewards Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
1 CVE in 2026
2026
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-15260medium · 6.5Missing Authorization

MyRewards – Loyalty Points and Rewards for WooCommerce <= 5.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Loyalty Rule Modification

Feb 3, 2026 Patched in 5.7.0 (13d)
CVE-2024-32688medium · 5.4Missing Authorization

MyRewards <= 5.3.0 - Missing Authorization

Apr 17, 2024 Patched in 5.3.1 (7d)
Code Analysis
Analyzed Mar 16, 2026

MyRewards Code Analysis

Dangerous Functions
4
Raw SQL Queries
17
110 prepared
Unescaped Output
12
106 escaped
Nonce Checks
0
Capability Checks
2
File Operations
2
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$reason = @unserialize($row['op_reason']);include\core\pointstack.php:377
unserialize$reason = @unserialize($row['op_reason']);include\core\pointstack.php:457
unserialize$reason = @unserialize($row->comments);include\core\pointstack.php:759
unserialize$reason = @unserialize($raw);include\core\trace.php:143

SQL Query Safety

87% prepared127 total queries

Output Escaping

90% escaped118 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

7 flows6 with unsanitized paths
ajaxRefresh (include\ui\woocommerce\pointsoncart.php:517)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

MyRewards Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 9
filterlws_woorewards_mailsinclude\mails\newreward.php:16
actionadmin_enqueue_scriptsinclude\ui\woocommerce\ordernote.php:25
filterlws_adminpanel_purchase_url_woorewardswoorewards.php:48
filterlws_adm_trialend_msgwoorewards.php:49
filterlws_adm_trialstart_msgwoorewards.php:50
filterlws_adminpanel_documentation_url_woorewardswoorewards.php:53
actionsetup_themewoorewards.php:60
actionsetup_themewoorewards.php:61
actionlws_woorewards_daily_eventwoorewards.php:65
Maintenance & Trust

MyRewards Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 9, 2026
PHP min version7.3.0
Downloads262K

Community Trust

Rating94/100
Number of ratings58
Active installs3K
Alternatives

MyRewards Alternatives

Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty

Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty

wployalty

A
100

Create WooCommerce points and rewards program with WPLoyalty to increase customer loyalty and boost sales. Reward customers to drive repeat purchases.

3K No CVEs
RewardsWP – Loyalty Points & Referral Program for WooCommerce

RewardsWP – Loyalty Points & Referral Program for WooCommerce

rewardswp

A
100

Turn customers into brand advocates with loyalty points and referral programs for WooCommerce and Easy Digital Downloads.

90 No CVEs
XT Points & Rewards for WooCommerce

XT Points & Rewards for WooCommerce

xt-woo-points-rewards

A
92

Points and Rewards for WooCommerce that lets you reward your customers for purchases and other actions with points that can be redeemed for discounts.

90 No CVEs
Loyalty for WooCommerce – Points and Rewards / Loyalty Program

Loyalty for WooCommerce – Points and Rewards / Loyalty Program

loyalty-for-woocommerce

A
100

Create a flexible loyalty and rewards program for WooCommerce—reward customers with points, increase retention, and grow repeat sales.

10 No CVEs
Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred

Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred

mycred

C
62

A WordPress gamification plugin is also a points management system. Award ranks, loyalty points and rewards or WooCommerce rewards to your users.

10K 1 unpatched
Developer Profile

MyRewards Developer Profile

Long Watch Studio

2 plugins · 3K total installs

91
trust score
Avg Security Score
95/100
Avg Patch Time
10 days
View full developer profile
Detection Fingerprints

How We Detect MyRewards

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/woorewards/assets/css/bootstrap-grid.min.css/wp-content/plugins/woorewards/assets/css/bootstrap-reboot.min.css/wp-content/plugins/woorewards/assets/css/chart.min.css/wp-content/plugins/woorewards/assets/css/daterangepicker.css/wp-content/plugins/woorewards/assets/css/select2.min.css/wp-content/plugins/woorewards/assets/css/style.css/wp-content/plugins/woorewards/assets/css/tooltips.css/wp-content/plugins/woorewards/assets/js/bootstrap.bundle.min.js+5 more
Script Paths
/wp-content/plugins/woorewards/assets/js/bootstrap.bundle.min.js/wp-content/plugins/woorewards/assets/js/chart.min.js/wp-content/plugins/woorewards/assets/js/daterangepicker.min.js/wp-content/plugins/woorewards/assets/js/moment.min.js/wp-content/plugins/woorewards/assets/js/select2.min.js/wp-content/plugins/woorewards/assets/js/script.js
Version Parameters
woorewards/assets/css/bootstrap-grid.min.css?ver=woorewards/assets/css/bootstrap-reboot.min.css?ver=woorewards/assets/css/chart.min.css?ver=woorewards/assets/css/daterangepicker.css?ver=woorewards/assets/css/select2.min.css?ver=woorewards/assets/css/style.css?ver=woorewards/assets/css/tooltips.css?ver=woorewards/assets/js/bootstrap.bundle.min.js?ver=woorewards/assets/js/chart.min.js?ver=woorewards/assets/js/daterangepicker.min.js?ver=woorewards/assets/js/moment.min.js?ver=woorewards/assets/js/select2.min.js?ver=woorewards/assets/js/script.js?ver=

HTML / DOM Fingerprints

CSS Classes
lws-woorewards-admin-pagelws-woorewards-customers-pagelws-woorewards-loyalty-pagelws-woorewards-settings-pagelws-wr-tooltip
HTML Comments
<!-- WooCommerce Points & Rewards by Long Watch Studio --><!-- LWS WooRewards -->
Data Attributes
data-lws-wr-tooltip
JS Globals
LWSWooRewardsLWS_WOOREWARDS_AJAX_URL
FAQ

Frequently Asked Questions about MyRewards