WordPoints Security & Risk Analysis

wordpress.org/plugins/wordpoints

Gamify your site, track user rep, or run a rewards program. WordPoints has a powerful core, infinitely extendable via add-ons.

100 active installs · v2.4.2 · PHP + · WP 4.7+ · Updated May 8, 2018
awards · credits · gamify · points · rewards
85
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is WordPoints Safe to Use in 2026?

Generally Safe

Score 85/100

WordPoints has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 8yr ago
Risk Assessment

The WordPoints plugin v2.4.2 exhibits a mixed security posture. On the positive side, it demonstrates strong adherence to secure coding practices, with a high percentage of SQL queries using prepared statements and a very high rate of output escaping. The absence of known CVEs or any history of vulnerabilities is also a significant strength, indicating a generally well-maintained and secure codebase over time.

However, a major concern arises from the extensive attack surface presented by its AJAX handlers. All 11 AJAX handlers lack authentication checks, meaning any unauthenticated user can potentially trigger this functionality. While taint analysis did not reveal critical or high severity vulnerabilities, the presence of 6 flows with unsanitized paths is a notable weakness that could be exploited if an attacker can control the input to these paths. Furthermore, the plugin has 18 nonce checks, but it is unclear from the data whether these are adequately implemented across all AJAX handlers, especially given the lack of authentication checks.

In conclusion, while WordPoints has a good track record and strong internal code hygiene, the lack of authentication on its AJAX endpoints presents a significant, exploitable risk. This oversight, coupled with the identified unsanitized paths in taint analysis, significantly outweighs the positive aspects of its security practices. The plugin's developers should prioritize implementing proper authentication and authorization checks on all AJAX handlers to mitigate this risk.

Key Concerns

  • 11 AJAX handlers without auth checks
  • 6 flows with unsanitized paths
Vulnerabilities
None known

WordPoints Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WordPoints Release Timeline

v2.4.2 (Current)
v2.4.1
v2.4.0
v2.3.0
v2.2.2
v2.2.1
v2.2.0
v2.1.5
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.2
v2.0.1
v2.0.0
v1.10.4
v1.10.3
v1.10.2
v1.10.1
Code Analysis
Analyzed Mar 16, 2026

WordPoints Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 22 (45 prepared)
Unescaped Output: 62 (726 escaped)
Nonce Checks: 18
Capability Checks: 62
File Operations: 1
External Requests: 4
Bundled Libraries: 0

SQL Query Safety

67% prepared · 67 total queries

Output Escaping

92% escaped · 788 total outputs
Data Flows · Security
6 unsanitized

Data Flow Analysis

12 flows · 6 with unsanitized paths
<extensions> (admin\classes\list\table\extensions.php:0)
Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface
11 unprotected

WordPoints Attack Surface

Entry Points: 11
Unprotected: 11

AJAX Handlers 11

  • auth · wp_ajax_wordpoints_admin_create_hook_reaction · admin\classes\ajax\hooks.php:188
  • auth · wp_ajax_wordpoints_admin_update_hook_reaction · admin\classes\ajax\hooks.php:193
  • auth · wp_ajax_wordpoints_admin_delete_hook_reaction · admin\classes\ajax\hooks.php:198
  • nopriv · wp_ajax_wordpoints_breaking_module_check · admin\includes\filters.php:57
  • auth · wp_ajax_wordpoints-delete-admin-notice-option · admin\includes\filters.php:58
  • auth · wp_ajax_wordpoints-points-hooks-order · components\points\admin\includes\filters.php:37
  • auth · wp_ajax_save-wordpoints-points-hook · components\points\admin\includes\filters.php:38
  • auth · wp_ajax_wordpoints_admin_get_ranks · components\ranks\admin\includes\ajax.php:131
  • auth · wp_ajax_wordpoints_admin_create_rank · components\ranks\admin\includes\ajax.php:132
  • auth · wp_ajax_wordpoints_admin_update_rank · components\ranks\admin\includes\ajax.php:133
  • auth · wp_ajax_wordpoints_admin_delete_rank · components\ranks\admin\includes\ajax.php:134
WordPress Hooks 187
Maintenance & Trust

WordPoints Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.0.25
Last updated: May 8, 2018
PHP min version
Downloads: 33K

Community Trust

Rating: 100/100
Number of ratings: 31
Active installs: 100
Developer Profile

WordPoints Developer Profile

J.D. Grimes

1 plugin · 100 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect WordPoints

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/wordpoints/assets/css/admin.css
  • /wp-content/plugins/wordpoints/assets/css/components.css
  • /wp-content/plugins/wordpoints/assets/css/dashboard.css
  • /wp-content/plugins/wordpoints/assets/css/external-apis.css
  • /wp-content/plugins/wordpoints/assets/css/forms.css
  • /wp-content/plugins/wordpoints/assets/css/global.css
  • /wp-content/plugins/wordpoints/assets/css/menus.css
  • /wp-content/plugins/wordpoints/assets/css/modules.css
  • +18 more
Script Paths
  • /wp-content/plugins/wordpoints/assets/js/admin.js
  • /wp-content/plugins/wordpoints/assets/js/admin-notifications.js
  • /wp-content/plugins/wordpoints/assets/js/external-apis.js
  • /wp-content/plugins/wordpoints/assets/js/forms.js
  • /wp-content/plugins/wordpoints/assets/js/global.js
  • /wp-content/plugins/wordpoints/assets/js/menus.js
  • +6 more
Version Parameters
  • wordpoints/assets/css/admin.css?ver=
  • wordpoints/assets/css/components.css?ver=
  • wordpoints/assets/css/dashboard.css?ver=
  • wordpoints/assets/css/external-apis.css?ver=
  • wordpoints/assets/css/forms.css?ver=
  • wordpoints/assets/css/global.css?ver=
  • wordpoints/assets/css/menus.css?ver=
  • wordpoints/assets/css/modules.css?ver=
  • wordpoints/assets/css/notifications.css?ver=
  • wordpoints/assets/css/post-edit.css?ver=
  • wordpoints/assets/css/screen-options.css?ver=
  • wordpoints/assets/css/tooltips.css?ver=
  • wordpoints/assets/css/user-edit.css?ver=
  • wordpoints/assets/css/user-profile.css?ver=
  • wordpoints/assets/js/admin.js?ver=
  • wordpoints/assets/js/admin-notifications.js?ver=
  • wordpoints/assets/js/external-apis.js?ver=
  • wordpoints/assets/js/forms.js?ver=
  • wordpoints/assets/js/global.js?ver=
  • wordpoints/assets/js/menus.js?ver=
  • wordpoints/assets/js/modules.js?ver=
  • wordpoints/assets/js/post-edit.js?ver=
  • wordpoints/assets/js/screen-options.js?ver=
  • wordpoints/assets/js/tooltips.js?ver=
  • wordpoints/assets/js/user-edit.js?ver=
  • wordpoints/assets/js/user-profile.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • wordpoints-admin-menu
  • wordpoints-screen-modules
  • wordpoints-module-list
  • wordpoints-button
HTML Comments
<!-- The symphony begins here. Sit back and enjoy! -->
Data Attributes
data-wordpoints-module
JS Globals
  • WordPoints_Admin
  • WordPoints_Admin_Notifications
  • WordPoints_External_APIs
  • WordPoints_Forms
  • WordPoints_Global
  • WordPoints_Menus
  • +6 more