Does Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty have any unpatched vulnerabilities?

No. All known vulnerabilities in Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty compatible with WordPress 6.9.4?

According to WordPress.org data, Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty 1.4.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty Security & Risk Analysis

wordpress.org/plugins/wployalty

Create WooCommerce points and rewards program with WPLoyalty to increase customer loyalty and boost sales. Reward customers to drive repeat purchases.

3K active installs v1.4.4 PHP 7.0+ WP 6.0+ Updated Mar 3, 2026

couponsloyaltypointsreferralsrewards

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty Safe to Use in 2026?

Generally Safe

Score 100/100

Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago

Risk Assessment

The wployalty plugin v1.4.4 exhibits a mixed security posture. On the positive side, there are no recorded vulnerabilities (CVEs) and the code demonstrates good practices with a high percentage of properly escaped output and prepared SQL statements. The absence of taint analysis findings and dangerous functions also suggests a generally well-developed codebase. However, a significant concern arises from the substantial attack surface presented by 57 AJAX handlers that lack authentication checks. This means that any user, including unauthenticated visitors, could potentially interact with these handlers, opening the door to various types of attacks if these handlers are not inherently secure or properly validated internally. The plugin also only implements 3 capability checks and 1 nonce check across its entire entry points, which is very low given the large number of unprotected AJAX handlers.

Key Concerns

High number of unprotected AJAX handlers
Low number of capability checks
Low number of nonce checks

Vulnerabilities

None known

Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty Code Analysis

Dangerous Functions

Raw SQL Queries

107 prepared

Unescaped Output

1452 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Lodash

SQL Query Safety

66% prepared163 total queries

Output Escaping

96% escaped1519 total outputs

Attack Surface

57 unprotected

Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty Attack Surface

Entry Points62

Unprotected57

AJAX Handlers 57

authwp_ajax_wlpe_save_settingsApp\Apps\PointExpiry\App\Router.php:27

authwp_ajax_wlpe_update_expire_dateApp\Apps\PointExpiry\App\Router.php:28

authwp_ajax_wlr_condition_dataApp\Router.php:105

authwp_ajax_wlr_recommendation_listApp\Router.php:106

authwp_ajax_wlr_local_dataApp\Router.php:121

authwp_ajax_wlr_get_labelsApp\Router.php:122

authwp_ajax_wlr_save_onboardingApp\Router.php:134

authwp_ajax_wlr_skip_onboardingApp\Router.php:135

authwp_ajax_wlr_get_notificationApp\Router.php:147

authwp_ajax_wlr_enable_new_my_rewards_sectionApp\Router.php:148

authwp_ajax_wlr_chart_dataApp\Router.php:149

authwp_ajax_wlr_dashboard_analytic_dataApp\Router.php:150

authwp_ajax_wlr_all_customer_activitiesApp\Router.php:151

authwp_ajax_wlr_active_add_onsApp\Router.php:164

authwp_ajax_wlr_available_add_onsApp\Router.php:165

authwp_ajax_wlr_perform_addon_actionApp\Router.php:166

authwp_ajax_wlr_get_settingsApp\Router.php:178

authwp_ajax_wlr_save_settingsApp\Router.php:179

authwp_ajax_wlr_create_block_pageApp\Router.php:180

authwp_ajax_wlr_save_email_templateApp\Router.php:181

authwp_ajax_wlr_reset_email_templateApp\Router.php:182

authwp_ajax_wlr_is_any_notificationsApp\Router.php:183

authwp_ajax_wlr_get_campaignsApp\Router.php:191

authwp_ajax_wlr_delete_campaignApp\Router.php:192

authwp_ajax_wlr_toggle_campaign_activeApp\Router.php:193

authwp_ajax_wlr_bulk_action_campaignsApp\Router.php:194

authwp_ajax_wlr_duplicate_campaignApp\Router.php:195

authwp_ajax_wlr_get_campaignApp\Router.php:197

authwp_ajax_wlr_save_campaignApp\Router.php:198

authwp_ajax_wlr_get_rewardsApp\Router.php:211

authwp_ajax_wlr_delete_rewardApp\Router.php:212

authwp_ajax_wlr_bulk_action_rewardsApp\Router.php:213

authwp_ajax_wlr_toggle_reward_activeApp\Router.php:214

authwp_ajax_wlr_duplicate_rewardApp\Router.php:215

authwp_ajax_wlr_get_reward_campaignsApp\Router.php:216

authwp_ajax_wlr_free_product_optionsApp\Router.php:218

authwp_ajax_wlr_get_rewardApp\Router.php:219

authwp_ajax_wlr_save_rewardApp\Router.php:220

authwp_ajax_wlr_get_customer_listApp\Router.php:232

authwp_ajax_wlr_bulk_delete_usersApp\Router.php:233

authwp_ajax_wlr_delete_customerApp\Router.php:234

authwp_ajax_wlr_get_customer_activityApp\Router.php:235

authwp_ajax_wlr_get_customerApp\Router.php:237

authwp_ajax_wlr_update_customer_pointApp\Router.php:238

authwp_ajax_wlr_update_customer_birth_dateApp\Router.php:239

authwp_ajax_wlr_get_customer_transactionApp\Router.php:240

authwp_ajax_wlr_get_customer_rewardsApp\Router.php:241

authwp_ajax_wlr_update_reward_expiryApp\Router.php:242

authwp_ajax_wlr_admin_toggle_banned_userApp\Router.php:243

authwp_ajax_wlr_admin_enable_email_sentApp\Router.php:244

authwp_ajax_wlr_enable_email_sentApp\Router.php:246

authwp_ajax_wlr_change_reward_product_in_cartApp\Router.php:334

authwp_ajax_wlr_apply_rewardApp\Router.php:345

authwp_ajax_wlr_revoke_couponApp\Router.php:346

authwp_ajax_wlr_my_rewards_paginationApp\Router.php:347

authwp_ajax_wlr_show_loyalty_rewardsApp\Router.php:352

authwp_ajax_wlr_my_reward_section_paginationApp\Router.php:355

Shortcodes 5

[wlr_cart_earn_message] App\Controllers\Site\DisplayMessage.php:26

[wlr_cart_redeem_message] App\Controllers\Site\DisplayMessage.php:42

[wlr_thank_you_message] App\Router.php:283

[wlr_my_point_balance] App\Router.php:296

[wlr_page_content] App\Router.php:353

WordPress Hooks 124

actionwpmu_new_blogApp\Apps\PointExpiry\App\Router.php:22

filterwpmu_drop_tablesApp\Apps\PointExpiry\App\Router.php:23

actionadmin_enqueue_scriptsApp\Apps\PointExpiry\App\Router.php:24

actionadmin_menuApp\Apps\PointExpiry\App\Router.php:25

filterwlr_loyalty_appsApp\Apps\PointExpiry\App\Router.php:26

actionwlr_create_required_tableApp\Apps\PointExpiry\App\Router.php:29

filterwlr_after_add_extra_earn_point_transactionApp\Apps\PointExpiry\App\Router.php:32

filterwlr_order_return_transactionApp\Apps\PointExpiry\App\Router.php:36

filterwlr_after_save_extra_transactionApp\Apps\PointExpiry\App\Router.php:37

filterwlr_after_add_earn_point_transactionApp\Apps\PointExpiry\App\Router.php:38

filterwlr_delete_customerApp\Apps\PointExpiry\App\Router.php:41

actionwoocommerce_initApp\Apps\PointExpiry\App\Router.php:44

actionwlr_point_expire_emailApp\Apps\PointExpiry\App\Router.php:46

actionwlr_change_point_expire_statusApp\Apps\PointExpiry\App\Router.php:47

actionwlr_myaccount_page_dataApp\Apps\PointExpiry\App\Router.php:48

actionwlr_my_account_email_changeApp\Apps\PointExpiry\App\Router.php:49

actionwlr_before_customer_reward_page_ways_to_earn_contentApp\Apps\PointExpiry\App\Router.php:50

actionwlr_before_customer_reward_page_my_points_contentApp\Apps\PointExpiry\App\Router.php:54

filterwlr_loyalty_appsApp\Apps\PointExpiry\App\Router.php:60

actionwoocommerce_blocks_cart_block_registrationApp\Controllers\Site\Blocks\Blocks.php:52

actionwoocommerce_blocks_checkout_block_registrationApp\Controllers\Site\Blocks\Blocks.php:72

actionwoocommerce_store_api_checkout_update_order_from_requestApp\Controllers\Site\Blocks\Blocks.php:80

filterwoocommerce_get_price_htmlApp\Controllers\Site\DisplayMessage.php:62

actionwoocommerce_before_add_to_cart_formApp\Controllers\Site\DisplayMessage.php:65

filterwoocommerce_loop_add_to_cart_linkApp\Controllers\Site\DisplayMessage.php:66

actionwoocommerce_after_add_to_cart_buttonApp\Controllers\Site\DisplayMessage.php:72

filterwoocommerce_loop_add_to_cart_linkApp\Controllers\Site\DisplayMessage.php:76

actionwoocommerce_before_shop_loop_item_titleApp\Controllers\Site\DisplayMessage.php:82

actionwoocommerce_single_product_summaryApp\Controllers\Site\DisplayMessage.php:86

actionwoocommerce_after_shop_loop_item_titleApp\Controllers\Site\DisplayMessage.php:89

actionwoocommerce_single_product_summaryApp\Controllers\Site\DisplayMessage.php:90

actionwoocommerce_before_cartApp\Controllers\Site\DisplayMessage.php:116

actionwoocommerce_after_cart_tableApp\Controllers\Site\DisplayMessage.php:119

actionwoocommerce_before_checkout_formApp\Controllers\Site\DisplayMessage.php:146

filterwoocommerce_add_to_cart_fragmentsApp\Controllers\Site\DisplayMessage.php:151

filterwoocommerce_update_order_review_fragmentsApp\Controllers\Site\DisplayMessage.php:152

actionwoocommerce_before_cartApp\Controllers\Site\DisplayMessage.php:169

actionwoocommerce_after_cart_tableApp\Controllers\Site\DisplayMessage.php:172

actionwoocommerce_before_checkout_formApp\Controllers\Site\DisplayMessage.php:195

actionwoocommerce_before_thankyouApp\Controllers\Site\DisplayMessage.php:212

actionwoocommerce_thankyouApp\Controllers\Site\DisplayMessage.php:215

filterwoocommerce_email_classesApp\Controllers\Site\LoyaltyMail.php:22

filterwoocommerce_template_directoryApp\Controllers\Site\LoyaltyMail.php:23

actionwoocommerce_email_settings_afterApp\Controllers\Site\LoyaltyMail.php:43

actionwoocommerce_account_menu_itemsApp\Controllers\Site\MyAccount.php:23

filterwoocommerce_account_menu_item_classesApp\Controllers\Site\MyAccount.php:27

actionwoocommerce_account_loyalty_reward_endpointApp\Controllers\Site\MyAccount.php:29

filterwoocommerce_get_query_varsApp\Controllers\Site\MyAccount.php:106

filterplugin_localeApp\Emails\Traits\Common.php:17

actionwlr_notify_after_add_earn_pointApp\Emails\WlrBirthdayEmail.php:48

actionwlr_notify_after_add_earn_rewardApp\Emails\WlrBirthdayEmail.php:49

actionwlr_notify_after_add_earn_pointApp\Emails\WlrEarnPointEmail.php:42

actionwlr_notify_after_add_earn_rewardApp\Emails\WlrEarnRewardEmail.php:46

actionwlr_notify_send_expire_emailApp\Emails\WlrExpireEmail.php:40

actionwlr_after_user_level_changedApp\Emails\WlrNewLevelEmail.php:38

actionwlr_notify_send_expire_point_emailApp\Emails\WlrPointExpireEmail.php:42

filterwlr_default_product_priceApp\Integrations\MultiCurrency\MultiCurrency.php:21

filterwlr_product_priceApp\Integrations\MultiCurrency\MultiCurrency.php:22

filterwlr_current_currencyApp\Integrations\MultiCurrency\MultiCurrency.php:23

filterwlr_convert_to_default_currencyApp\Integrations\MultiCurrency\MultiCurrency.php:24

filtersafe_style_cssApp\Router.php:39

filterwp_kses_allowed_htmlApp\Router.php:44

actionplugins_loadedApp\Router.php:62

actioninitApp\Router.php:63

actioninitApp\Router.php:64

actionpermalink_structure_changedApp\Router.php:66

actionwoocommerce_loadedApp\Router.php:76

actionadmin_menuApp\Router.php:94

actionnetwork_admin_menuApp\Router.php:95

actionadmin_enqueue_scriptsApp\Router.php:100

filterscript_loader_tagApp\Router.php:101

actionadmin_footerApp\Router.php:102

filterwlr_user_level_idApp\Router.php:249

filtersend_email_change_emailApp\Router.php:251

actionwoocommerce_initApp\Router.php:261

actionwlr_expire_emailApp\Router.php:263

actionwlr_change_expire_statusApp\Router.php:264

actionwlr_update_ledger_pointApp\Router.php:265

actionwlr_notification_remind_meApp\Router.php:266

filterwlt_dynamic_string_listApp\Router.php:267

filterwlt_loyalty_domain_listApp\Router.php:268

actioninitApp\Router.php:282

actionwp_enqueue_scriptsApp\Router.php:293

actionwoocommerce_checkout_update_order_metaApp\Router.php:295

actionwp_footerApp\Router.php:297

actionwoocommerce_before_cartApp\Router.php:307

actionwoocommerce_before_checkout_formApp\Router.php:308

actionwoocommerce_removed_couponApp\Router.php:309

filterwoocommerce_checkout_create_order_line_item_objectApp\Router.php:311

actionwoocommerce_order_item_display_meta_keyApp\Router.php:316

actionwoocommerce_cart_item_quantityApp\Router.php:321

actionwoocommerce_cart_item_remove_linkApp\Router.php:322

actionwoocommerce_get_item_dataApp\Router.php:323

actionwoocommerce_after_cart_item_nameApp\Router.php:325

actionwoocommerce_before_cartApp\Router.php:330

actionwoocommerce_before_calculate_totalsApp\Router.php:331

actionwoocommerce_after_cart_item_nameApp\Router.php:332

actionwoocommerce_before_order_itemmetaApp\Router.php:333

filterwoocommerce_coupon_get_discount_amountApp\Router.php:369

actionwp_loadedApp\Router.php:374

actionwoocommerce_coupon_is_validApp\Router.php:375

actionwoocommerce_coupon_errorApp\Router.php:376

actionwoocommerce_initApp\Router.php:377

filterwoocommerce_cart_totals_coupon_labelApp\Router.php:378

actionwoocommerce_new_orderApp\Router.php:379

actionwoocommerce_update_orderApp\Router.php:380

actionwoocommerce_order_status_changedApp\Router.php:381

actionbefore_delete_postApp\Router.php:382

actionwp_trash_postApp\Router.php:383

actionwoocommerce_order_status_changedApp\Router.php:396

filterwlr_earn_point_point_for_purchaseApp\Router.php:398

filterwlr_earn_coupon_point_for_purchaseApp\Router.php:399

actionuser_registerApp\Router.php:402

actionwp_loginApp\Router.php:403

actionplugins_loadedApp\Router.php:412

actionwoocommerce_check_cart_itemsApp\Router.php:413

actionwpmu_new_blogApp\Setup.php:29

filterwpmu_drop_tablesApp\Setup.php:30

actionplugins_loadedApp\Setup.php:31

actionupgrader_process_completeApp\Setup.php:32

filterdbdelta_create_queriesApp\Setup.php:33

actionbefore_woocommerce_initwp-loyalty-rules-lite.php:34

actionall_admin_noticeswp-loyalty-rules-lite.php:84

filterextra_plugin_headerswp-loyalty-rules-lite.php:104

Maintenance & Trust

Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedMar 3, 2026

PHP min version7.0

Downloads44K

Community Trust

Rating100/100

Number of ratings239

Active installs3K

Alternatives

Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty Alternatives

MyRewards

woorewards

Free top-rated points and rewards program to retain your customers, grow your sales and get new customers.

3K 2 CVEs

RewardsWP – Loyalty Points & Referral Program for WooCommerce

rewardswp

100

Turn customers into brand advocates with loyalty points and referral programs for WooCommerce and Easy Digital Downloads.

90 No CVEs

XT Points & Rewards for WooCommerce

xt-woo-points-rewards

Points and Rewards for WooCommerce that lets you reward your customers for purchases and other actions with points that can be redeemed for discounts.

90 No CVEs

Loyalty for WooCommerce – Points and Rewards / Loyalty Program

loyalty-for-woocommerce

100

Create a flexible loyalty and rewards program for WooCommerce—reward customers with points, increase retention, and grow repeat sales.

10 No CVEs

Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred

mycred

A WordPress gamification plugin is also a points management system. Award ranks, loyalty points and rewards or WooCommerce rewards to your users.

10K 1 unpatched

Developer Profile

Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty Developer Profile

flycart

4 plugins · 108K total installs

trust score

Avg Security Score

94/100

Avg Patch Time

829 days

View full developer profile

Detection Fingerprints

How We Detect Loyalty Points Rewards and Referral for WooCommerce – WPLoyalty

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

FAQ