WP-Safety

XT Points & Rewards for WooCommerce Security & Risk Analysis

wordpress.org/plugins/xt-woo-points-rewards

Points and Rewards for WooCommerce that lets you reward your customers for purchases and other actions with points that can be redeemed for discounts.

90 active installs v1.7.8 PHP 5.4+ WP 4.6+ Updated Mar 10, 2025
points-rewardswoocommerce-couponswoocommerce-loyaltywoocommerce-pointswoocommerce-rewards
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is XT Points & Rewards for WooCommerce Safe to Use in 2026?

Generally Safe

Score 92/100

XT Points & Rewards for WooCommerce has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The "xt-woo-points-rewards" v1.7.8 plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query sanitization (73% prepared) and output escaping (91%), significant concerns arise from its attack surface. Four out of five AJAX handlers lack authentication checks, presenting a substantial risk for unauthorized actions if these handlers process user-supplied data without proper validation. The taint analysis, although not revealing critical or high-severity vulnerabilities, shows eight flows with unsanitized paths, which, when combined with the unprotected AJAX endpoints, could potentially lead to vulnerabilities like cross-site scripting (XSS) or insecure direct object references (IDOR) if user input is not handled with extreme care within these flows.

The plugin's vulnerability history is a significant positive, with zero recorded CVEs of any severity. This suggests a history of stable code and diligent security practices by the developers, or at least a lack of discovered exploitable flaws. However, the presence of unsanitized paths in the taint analysis and the unprotected AJAX endpoints are concerning indicators that warrant attention despite the clean vulnerability record. The bundled libraries, Select2 and Freemius v1.0, are standard and unlikely to pose immediate risks unless they are outdated versions not specified here.

In conclusion, the plugin has strong points regarding SQL and output handling, and an excellent vulnerability history. However, the substantial attack surface exposed through unprotected AJAX endpoints, coupled with identified unsanitized paths in taint analysis, creates a clear and present risk. Developers should prioritize implementing robust authentication and authorization checks on all AJAX handlers and meticulously sanitize all data processed through these potentially vulnerable entry points.

Key Concerns

  • AJAX handlers without auth checks
  • Flows with unsanitized paths
  • SQL queries without prepared statements
  • Bundled libraries (Freemius v1.0)
Vulnerabilities
None known

XT Points & Rewards for WooCommerce Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

XT Points & Rewards for WooCommerce Code Analysis

Dangerous Functions
0
Raw SQL Queries
7
19 prepared
Unescaped Output
101
1065 escaped
Nonce Checks
7
Capability Checks
1
File Operations
4
External Requests
5
Bundled Libraries
2

Bundled Libraries

Select2Freemius1.0

SQL Query Safety

73% prepared26 total queries

Output Escaping

91% escaped1166 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

9 flows8 with unsanitized paths
extra_tablenav (admin\class-manage-points-list-table.php:364)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
4 unprotected

XT Points & Rewards for WooCommerce Attack Surface

Entry Points5
Unprotected4

AJAX Handlers 5

authwp_ajax_xt_woopr_apply_discountpublic\class-cart-checkout.php:70
authwp_ajax_xirki_fonts_google_all_getxt-framework\includes\customizer\xirki\modules\webfonts\class-xirki-fonts-google.php:83
noprivwp_ajax_xirki_fonts_google_all_getxt-framework\includes\customizer\xirki\modules\webfonts\class-xirki-fonts-google.php:84
authwp_ajax_xirki_fonts_standard_all_getxt-framework\includes\customizer\xirki\modules\webfonts\class-xirki-fonts-google.php:85
noprivwp_ajax_xirki_fonts_standard_all_getxt-framework\includes\customizer\xirki\modules\webfonts\class-xirki-fonts-google.php:86
WordPress Hooks 218
actionwoocommerce_product_options_general_product_dataadmin\class-admin-product.php:52
actionwoocommerce_product_after_variable_attributesadmin\class-admin-product.php:55
actionproduct_cat_add_form_fieldsadmin\class-admin-product.php:63
actionproduct_cat_edit_form_fieldsadmin\class-admin-product.php:65
actionadmin_print_footer_scriptsadmin\class-admin-product.php:285
actionadmin_noticesadmin\class-admin.php:92
actionin_admin_headeradmin\class-admin.php:94
filterset-screen-optionadmin\class-admin.php:95
filtermanage_woocommerce_page_xt_woopr_columnsadmin\class-admin.php:101
actionwoocommerce_admin_order_totals_after_shippingadmin\class-admin.php:129
actionwoocommerce_coupon_optionsadmin\class-admin.php:132
filterwoocommerce_debug_toolsadmin\class-admin.php:134
actionadmin_enqueue_scriptsadmin\class-admin.php:707
actionpre_user_queryadmin\class-manage-points-list-table.php:276
actionafter_switch_themeclass-core.php:54
filterinitpublic\class-cart-checkout.php:42
filterwoocommerce_cart_totals_coupon_labelpublic\class-cart-checkout.php:47
actionwoocommerce_cart_loaded_from_sessionpublic\class-cart-checkout.php:49
actionxt_woofc_after_noticespublic\class-cart-checkout.php:51
actionwoocommerce_order_details_after_order_tablepublic\class-cart-checkout.php:57
actionwoocommerce_email_after_order_tablepublic\class-cart-checkout.php:63
filterwoocommerce_add_to_cart_fragmentspublic\class-cart-checkout.php:72
filterwoocommerce_update_order_review_fragmentspublic\class-cart-checkout.php:78
filterbody_classpublic\class-cart-checkout.php:84
actionwoocommerce_order_status_processingpublic\class-order.php:41
actionwoocommerce_order_status_completedpublic\class-order.php:42
actionwoocommerce_order_status_on-holdpublic\class-order.php:43
actionwoocommerce_order_status_pre-orderedpublic\class-order.php:45
actionwoocommerce_checkout_order_processedpublic\class-order.php:46
actionwoocommerce_order_status_cancelledpublic\class-order.php:48
actionwoocommerce_order_status_refundedpublic\class-order.php:49
actionwoocommerce_order_status_failedpublic\class-order.php:50
actionwoocommerce_order_partially_refundedpublic\class-order.php:51
filterwcs_renewal_order_meta_querypublic\class-order.php:57
actionwoocommerce_before_add_to_cart_formpublic\class-product.php:44
actionwoocommerce_before_single_variationpublic\class-product.php:46
filterwoocommerce_available_variationpublic\class-product.php:48
actionwoocommerce_delete_product_transientspublic\class-product.php:55
filterwoocommerce_show_variation_pricepublic\class-product.php:56
actionwp_enqueue_scriptspublic\class-public.php:91
actionwp_enqueue_scriptspublic\class-public.php:92
actioninitpublic\class-public.php:94
actionxt_woopr_activatepublic\class-public.php:95
actionxt_woopr_deactivatepublic\class-public.php:96
actionwoocommerce_account_menu_itemspublic\class-public.php:97
actiondelete_userpublic\class-public.php:100
filterxt_woopr_shop_render_messages_hook_namepublic\class-woodmart-support.php:15
actionafter_setup_themepublic\class-woodmart-support.php:26
filterxt_woopr_filter_amountpublic\functions-woocs-support.php:31
filterxt_woopr_filter_monetary_valuepublic\functions-woocs-support.php:38
actionxtfw_plugins_loadedxt-framework\includes\admin-tabs\class-admin-tabs.php:46
actionadmin_menuxt-framework\includes\admin-tabs\class-admin-tabs.php:58
actionnetwork_admin_menuxt-framework\includes\admin-tabs\class-admin-tabs.php:59
actionadmin_enqueue_scriptsxt-framework\includes\admin-tabs\class-admin-tabs.php:66
actionadmin_enqueue_scriptsxt-framework\includes\admin-tabs\class-admin-tabs.php:67
actionadmin_body_classxt-framework\includes\admin-tabs\class-admin-tabs.php:68
filteradmin_footer_textxt-framework\includes\admin-tabs\class-admin-tabs.php:69
filterupdate_footerxt-framework\includes\admin-tabs\class-admin-tabs.php:70
filtercustom_menu_orderxt-framework\includes\admin-tabs\class-framework-tabs.php:30
filtermenu_orderxt-framework\includes\admin-tabs\class-framework-tabs.php:31
filtertemplates/account.phpxt-framework\includes\admin-tabs\class-plugin-tabs.php:39
filtertemplates/pricing.phpxt-framework\includes\admin-tabs\class-plugin-tabs.php:40
filtertemplates/checkout.phpxt-framework\includes\admin-tabs\class-plugin-tabs.php:41
filtertemplates/add-ons.phpxt-framework\includes\admin-tabs\class-plugin-tabs.php:42
filtertemplates/contact.phpxt-framework\includes\admin-tabs\class-plugin-tabs.php:43
filter/forms/affiliation.phpxt-framework\includes\admin-tabs\class-plugin-tabs.php:44
actioninitxt-framework\includes\class-ajax.php:48
actioninitxt-framework\includes\class-ajax.php:49
actiontemplate_redirectxt-framework\includes\class-ajax.php:50
actionxtfw_plugins_loadedxt-framework\includes\class-base-hooks.php:32
actionafter_uninstallxt-framework\includes\class-base-hooks.php:36
actionadmin_initxt-framework\includes\class-conflicts-check.php:46
actionplugins_loadedxt-framework\includes\class-framework.php:332
actionplugins_loadedxt-framework\includes\class-framework.php:333
actionbefore_woocommerce_initxt-framework\includes\class-framework.php:371
actionadmin_enqueue_scriptsxt-framework\includes\class-framework.php:411
actionadmin_enqueue_scriptsxt-framework\includes\class-framework.php:412
actionwp_enqueue_scriptsxt-framework\includes\class-framework.php:430
filterhide_account_tabsxt-framework\includes\class-framework.php:701
filteris_submenu_visiblext-framework\includes\class-framework.php:702
filtercheckout/purchaseCompletedxt-framework\includes\class-framework.php:708
filtertemplates/checkout.phpxt-framework\includes\class-framework.php:709
filterfreemius_pricing_js_pathxt-framework\includes\class-framework.php:710
filterhide_freemius_powered_byxt-framework\includes\class-framework.php:711
filterhide_billing_and_payments_infoxt-framework\includes\class-framework.php:712
filterplugin_iconxt-framework\includes\class-framework.php:713
actionplugins_loadedxt-framework\includes\class-i18n.php:32
actioninitxt-framework\includes\class-migration.php:56
actionadmin_enqueue_scriptsxt-framework\includes\class-recommended-plugins.php:59
filterxtfw_admin_tabsxt-framework\includes\class-recommended-plugins.php:60
filterinstall_plugins_tabsxt-framework\includes\class-recommended-plugins.php:61
filterplugins_api_resultxt-framework\includes\class-recommended-plugins.php:65
filterself_admin_urlxt-framework\includes\class-recommended-plugins.php:242
filtersite_transient_update_pluginsxt-framework\includes\class-recommended-plugins.php:254
actionxtfw_admin_inline_scriptsxt-framework\includes\class-review-notice.php:81
actioninitxt-framework\includes\class-review-notice.php:92
filterxtfw_admin_tabsxt-framework\includes\class-system-status.php:88
filterxtfw_global_menu_badgesxt-framework\includes\class-system-status.php:89
actionupgrader_process_completext-framework\includes\class-system-status.php:90
actionafter_switch_themext-framework\includes\class-system-status.php:91
actionxtfw_plugins_loadedxt-framework\includes\class-system-status.php:93
actionadmin_enqueue_scriptsxt-framework\includes\class-system-status.php:183
actioninitxt-framework\includes\class-wc-ajax.php:49
actionwp_enqueue_scriptsxt-framework\includes\class-woocommerce.php:16
actionflatsome_woocommerce_shop_loop_imagesxt-framework\includes\class-woocommerce.php:20
actionflatsome_woocommerce_shop_loop_imagesxt-framework\includes\class-woocommerce.php:21
actionwoocommerce_before_shop_loop_item_titlext-framework\includes\class-woocommerce.php:25
actionwoocommerce_before_shop_loop_item_titlext-framework\includes\class-woocommerce.php:26
filterxirki/control_typesxt-framework\includes\customizer\class-customizer-controls.php:21
filterxirki_telemetryxt-framework\includes\customizer\class-customizer.php:56
actioncustomize_registerxt-framework\includes\customizer\class-customizer.php:86
actioncustomize_preview_initxt-framework\includes\customizer\class-customizer.php:88
actioncustomize_controls_enqueue_scriptsxt-framework\includes\customizer\class-customizer.php:89
filterwp_check_filetype_and_extxt-framework\includes\customizer\class-customizer.php:91
filterbody_classxt-framework\includes\customizer\class-customizer.php:93
actioncustomize_controls_print_footer_scriptsxt-framework\includes\customizer\xirki\controls\class-xirki-controls.php:54
actionafter_setup_themext-framework\includes\customizer\xirki\core\class-xirki-init.php:42
actionwp_loadedxt-framework\includes\customizer\xirki\core\class-xirki-init.php:43
filterxirki_control_typesxt-framework\includes\customizer\xirki\core\class-xirki-init.php:44
actioncustomize_registerxt-framework\includes\customizer\xirki\core\class-xirki-init.php:46
actioncustomize_registerxt-framework\includes\customizer\xirki\core\class-xirki-init.php:47
actioncustomize_registerxt-framework\includes\customizer\xirki\core\class-xirki-init.php:48
actionadmin_noticesxt-framework\includes\customizer\xirki\core\class-xirki-init.php:50
actionadmin_initxt-framework\includes\customizer\xirki\core\class-xirki-init.php:51
actioncustomize_registerxt-framework\includes\customizer\xirki\core\class-xirki-init.php:124
actioncustomize_registerxt-framework\includes\customizer\xirki\core\class-xirki-init.php:125
actioncustomize_registerxt-framework\includes\customizer\xirki\core\class-xirki-init.php:126
actioncustomize_registerxt-framework\includes\customizer\xirki\core\class-xirki-init.php:127
actionplugins_loadedxt-framework\includes\customizer\xirki\core\class-xirki-l10n.php:44
filteroverride_load_textdomainxt-framework\includes\customizer\xirki\core\class-xirki-l10n.php:50
actionafter_setup_themext-framework\includes\customizer\xirki\core\class-xirki-modules.php:45
actionafter_setup_themext-framework\includes\customizer\xirki\core\class-xirki-modules.php:46
actioncustomize_controls_print_footer_scriptsxt-framework\includes\customizer\xirki\core\class-xirki-sections.php:25
filterhttp_request_argsxt-framework\includes\customizer\xirki\core\class-xirki-util.php:25
filterxirki_values_get_valuext-framework\includes\customizer\xirki\core\class-xirki-values.php:28
filterxirki_configxt-framework\includes\customizer\xirki\deprecated\filters.php:4
filterxirki_control_typesxt-framework\includes\customizer\xirki\deprecated\filters.php:8
filterxirki_section_typesxt-framework\includes\customizer\xirki\deprecated\filters.php:12
filterxirki_section_types_excludext-framework\includes\customizer\xirki\deprecated\filters.php:16
filterxirki_control_types_excludext-framework\includes\customizer\xirki\deprecated\filters.php:20
filterxirki_controlsxt-framework\includes\customizer\xirki\deprecated\filters.php:24
filterxirki_fieldsxt-framework\includes\customizer\xirki\deprecated\filters.php:28
filterxirki_modulesxt-framework\includes\customizer\xirki\deprecated\filters.php:32
filterxirki_panel_typesxt-framework\includes\customizer\xirki\deprecated\filters.php:36
filterxirki_setting_typesxt-framework\includes\customizer\xirki\deprecated\filters.php:40
filterxirki_variablext-framework\includes\customizer\xirki\deprecated\filters.php:44
filterxirki_values_get_valuext-framework\includes\customizer\xirki\deprecated\filters.php:48
actioninitxt-framework\includes\customizer\xirki\deprecated\filters.php:52
filterxirki_enqueue_google_fontsxt-framework\includes\customizer\xirki\deprecated\filters.php:82
filterxirki_styles_arrayxt-framework\includes\customizer\xirki\deprecated\filters.php:86
filterxirki_dynamic_css_methodxt-framework\includes\customizer\xirki\deprecated\filters.php:90
filterxirki_postmessage_scriptxt-framework\includes\customizer\xirki\deprecated\filters.php:94
filterxirki_fonts_allxt-framework\includes\customizer\xirki\deprecated\filters.php:98
filterxirki_fonts_standard_fontsxt-framework\includes\customizer\xirki\deprecated\filters.php:102
filterxirki_fonts_google_fontsxt-framework\includes\customizer\xirki\deprecated\filters.php:106
filterxirki_googlefonts_load_methodxt-framework\includes\customizer\xirki\deprecated\filters.php:110
actioninitxt-framework\includes\customizer\xirki\modules\css\class-xirki-modules-css.php:61
actionenqueue_block_editor_assetsxt-framework\includes\customizer\xirki\modules\css\class-xirki-modules-css.php:95
actionwpxt-framework\includes\customizer\xirki\modules\css\class-xirki-modules-css.php:97
actionwp_enqueue_scriptsxt-framework\includes\customizer\xirki\modules\css\class-xirki-modules-css.php:105
actionwp_headxt-framework\includes\customizer\xirki\modules\css\class-xirki-modules-css.php:107
actioninitxt-framework\includes\customizer\xirki\modules\css-vars\class-xirki-modules-css-vars.php:55
actionwp_headxt-framework\includes\customizer\xirki\modules\css-vars\class-xirki-modules-css-vars.php:56
actionadmin_headxt-framework\includes\customizer\xirki\modules\css-vars\class-xirki-modules-css-vars.php:57
actioncustomize_preview_initxt-framework\includes\customizer\xirki\modules\css-vars\class-xirki-modules-css-vars.php:58
filterxirki_section_typesxt-framework\includes\customizer\xirki\modules\custom-sections\class-xirki-modules-custom-sections.php:43
filterxirki_panel_typesxt-framework\includes\customizer\xirki\modules\custom-sections\class-xirki-modules-custom-sections.php:46
actioncustomize_registerxt-framework\includes\customizer\xirki\modules\custom-sections\class-xirki-modules-custom-sections.php:49
actioncustomize_controls_enqueue_scriptsxt-framework\includes\customizer\xirki\modules\custom-sections\class-xirki-modules-custom-sections.php:52
actioncustomize_controls_print_scriptsxt-framework\includes\customizer\xirki\modules\customizer-branding\class-xirki-modules-customizer-branding.php:42
actioncustomize_controls_print_stylesxt-framework\includes\customizer\xirki\modules\customizer-styling\class-xirki-modules-customizer-styling.php:42
actioncustomize_controls_enqueue_scriptsxt-framework\includes\customizer\xirki\modules\field-dependencies\class-xirki-modules-field-dependencies.php:40
actionadmin_initxt-framework\includes\customizer\xirki\modules\gutenberg\class-xirki-modules-gutenberg.php:86
actionafter_setup_themext-framework\includes\customizer\xirki\modules\gutenberg\class-xirki-modules-gutenberg.php:129
filterblock_editor_settings_allxt-framework\includes\customizer\xirki\modules\gutenberg\class-xirki-modules-gutenberg.php:130
actioncustomize_controls_enqueue_scriptsxt-framework\includes\customizer\xirki\modules\icons\class-xirki-modules-icons.php:48
actioninitxt-framework\includes\customizer\xirki\modules\loading\class-xirki-modules-loading.php:33
actionwp_footerxt-framework\includes\customizer\xirki\modules\loading\class-xirki-modules-loading.php:69
actionwp_headxt-framework\includes\customizer\xirki\modules\loading\class-xirki-modules-loading.php:70
actioncustomize_preview_initxt-framework\includes\customizer\xirki\modules\post-meta\class-xirki-modules-post-meta.php:46
actioncustomize_controls_enqueue_scriptsxt-framework\includes\customizer\xirki\modules\post-meta\class-xirki-modules-post-meta.php:47
actionwp_enqueue_scriptsxt-framework\includes\customizer\xirki\modules\post-meta\class-xirki-modules-post-meta.php:67
actioncustomize_preview_initxt-framework\includes\customizer\xirki\modules\postmessage\class-xirki-modules-postmessage.php:40
actioncustomize_controls_print_footer_scriptsxt-framework\includes\customizer\xirki\modules\preset\class-xirki-modules-preset.php:40
actioncustomize_registerxt-framework\includes\customizer\xirki\modules\selective-refresh\class-xirki-modules-selective-refresh.php:34
actioninitxt-framework\includes\customizer\xirki\modules\telemetry\class-xirki-modules-telemetry.php:46
actionadmin_noticesxt-framework\includes\customizer\xirki\modules\telemetry\class-xirki-modules-telemetry.php:47
actionwp_footerxt-framework\includes\customizer\xirki\modules\telemetry\class-xirki-modules-telemetry.php:78
actioncustomize_controls_print_footer_scriptsxt-framework\includes\customizer\xirki\modules\tooltips\class-xirki-modules-tooltips.php:49
actionwp_headxt-framework\includes\customizer\xirki\modules\webfont-loader\class-xirki-modules-webfont-loader.php:51
actionadmin_enqueue_scriptsxt-framework\includes\customizer\xirki\modules\webfont-loader\class-xirki-modules-webfont-loader.php:52
actionwp_headxt-framework\includes\customizer\xirki\modules\webfonts\class-xirki-modules-webfonts-async.php:69
actionwp_headxt-framework\includes\customizer\xirki\modules\webfonts\class-xirki-modules-webfonts-async.php:70
actionadmin_enqueue_scriptsxt-framework\includes\customizer\xirki\modules\webfonts\class-xirki-modules-webfonts-async.php:73
actionadmin_enqueue_scriptsxt-framework\includes\customizer\xirki\modules\webfonts\class-xirki-modules-webfonts-async.php:74
filterwp_resource_hintsxt-framework\includes\customizer\xirki\modules\webfonts\class-xirki-modules-webfonts-async.php:76
actionwpxt-framework\includes\customizer\xirki\modules\webfonts\class-xirki-modules-webfonts-embed.php:69
filterwp_resource_hintsxt-framework\includes\customizer\xirki\modules\webfonts\class-xirki-modules-webfonts-embed.php:70
actionxirki_dynamic_cssxt-framework\includes\customizer\xirki\modules\webfonts\class-xirki-modules-webfonts-embed.php:82
actionwp_loadedxt-framework\includes\customizer\xirki\modules\webfonts\class-xirki-modules-webfonts.php:54
actionadmin_footerxt-framework\includes\functions-essential.php:566
actionwp_footerxt-framework\includes\functions-essential.php:567
filterwp_kses_allowed_htmlxt-framework\includes\functions-wp-filters.php:14
filteroption_woocommerce_enable_ajax_add_to_cartxt-framework\includes\modules\add-to-cart\module-add-to-cart.php:56
filteroption_woocommerce_cart_redirect_after_addxt-framework\includes\modules\add-to-cart\module-add-to-cart.php:59
filterwoocommerce_add_to_cart_redirectxt-framework\includes\modules\add-to-cart\module-add-to-cart.php:62
actioninitxt-framework\includes\modules\add-to-cart\module-add-to-cart.php:65
actionwp_enqueue_scriptsxt-framework\includes\modules\add-to-cart\module-add-to-cart.php:87
actionbody_classxt-framework\includes\modules\add-to-cart\module-add-to-cart.php:90
filterwoocommerce_add_to_cart_fragmentsxt-framework\includes\modules\add-to-cart\module-add-to-cart.php:281
actionwoocommerce_after_shop_loop_itemxt-framework\includes\modules\add-to-cart\module-add-to-cart.php:376
actioninitxt-framework\includes\notices\class-notices.php:76
filterwp_redirectxt-framework\includes\notices\class-notices.php:77
actionadmin_noticesxt-framework\includes\notices\class-notices.php:81
actionadmin_enqueue_scriptsxt-framework\includes\notices\class-notices.php:82
actionwp_enqueue_scriptsxt-framework\includes\notices\class-notices.php:86
actionadmin_enqueue_scriptsxt-framework\includes\settings\class-settings.php:1414
actionadmin_body_classxt-framework\includes\settings\class-settings.php:1415

Scheduled Events 1

xt_woopr_expire_points_daily
Maintenance & Trust

XT Points & Rewards for WooCommerce Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMar 10, 2025
PHP min version5.4
Downloads17K

Community Trust

Rating90/100
Number of ratings13
Active installs90
Alternatives

XT Points & Rewards for WooCommerce Alternatives

LoyaltyX – Points and Rewards for WooCommerce – Build Customer Loyalty Program and Reward Purchases

LoyaltyX – Points and Rewards for WooCommerce – Build Customer Loyalty Program and Reward Purchases

loyaltyx-points-and-rewards-for-woocommerce

A
100

Add a WooCommerce points and rewards program to your store. Customers earn points on every purchase and redeem them for discounts on cart & checkout.

10 No CVEs
Smart Coupons For WooCommerce Coupons

Smart Coupons For WooCommerce Coupons

wt-smart-coupons-for-woocommerce

A
99

Best WooCommerce coupons plugin to create advanced coupons and discount codes with auto-apply, BOGO, free shipping, giveaways, and discount rules.

30K 1 CVE
Advanced Coupons for WooCommerce Coupons & Store Credit

Advanced Coupons for WooCommerce Coupons & Store Credit

advanced-coupons-for-woocommerce-free

A
96

Enhance WooCommerce coupons with new coupon types, BOGO coupons, store credit, discount rules, url coupons, gift cards, loyalty program + more!

20K 2 CVEs
Power Coupons for WooCommerce

Power Coupons for WooCommerce

power-coupons

A
100

WordPress coupon plugin for WooCommerce that auto-applies discounts with flexible rules and dynamic cart incentives—no codes required.

2K No CVEs
Coupon By Roles For WooCommerce

Coupon By Roles For WooCommerce

coupon-by-roles-for-woocommerce

A
85

The Coupon By Roles For WooCommerce plugin gives you more control over how you use coupons, making them smart and better. It’s a lightweight WooCommer …

100 No CVEs
Developer Profile

XT Points & Rewards for WooCommerce Developer Profile

XplodedThemes

6 plugins · 47K total installs

75
trust score
Avg Security Score
94/100
Avg Patch Time
268 days
View full developer profile
Detection Fingerprints

How We Detect XT Points & Rewards for WooCommerce

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/xt-woo-points-rewards/assets/css/admin.css/wp-content/plugins/xt-woo-points-rewards/assets/css/public.css/wp-content/plugins/xt-woo-points-rewards/assets/js/admin.js/wp-content/plugins/xt-woo-points-rewards/assets/js/public.js
Script Paths
/wp-content/plugins/xt-woo-points-rewards/assets/js/admin.js/wp-content/plugins/xt-woo-points-rewards/assets/js/public.js
Version Parameters
/wp-content/plugins/xt-woo-points-rewards/assets/css/admin.css?ver=/wp-content/plugins/xt-woo-points-rewards/assets/css/public.css?ver=/wp-content/plugins/xt-woo-points-rewards/assets/js/admin.js?ver=/wp-content/plugins/xt-woo-points-rewards/assets/js/public.js?ver=

HTML / DOM Fingerprints

CSS Classes
xt-woo-points-rewards-admin-wrap
Data Attributes
data-xt-woopr-ajax-urldata-xt-woopr-ajax-nonce
JS Globals
xt_woopr_vars
FAQ

Frequently Asked Questions about XT Points & Rewards for WooCommerce