Does Zuta Lucky Wheel have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Zuta Lucky Wheel compatible with WordPress 6.9.4?

According to WordPress.org data, Zuta Lucky Wheel 1.0.0 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is Zuta Lucky Wheel compatible with PHP 7.4+?

Zuta Lucky Wheel requires PHP 7.4 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Zuta Lucky Wheel updated?

Zuta Lucky Wheel was last updated on Feb 6, 2026. Frequent updates are generally a positive security signal.

What is Zuta Lucky Wheel's security score?

Zuta Lucky Wheel has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Zuta Lucky Wheel Security & Risk Analysis

wordpress.org/plugins/zuta-lucky-wheel

Turn visitors into subscribers with a professional, realistic Lucky Wheel popup. Capture leads and boost engagement with gamification.

0 active installs v1.0.0 PHP 7.4+ WP 6.2+ Updated Feb 6, 2026

lucky-wheelmarketingpopupspin-to-winwoocommerce

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Zuta Lucky Wheel Safe to Use in 2026?

Generally Safe

Score 100/100

Zuta Lucky Wheel has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 3mo ago

Risk Assessment

The zuta-lucky-wheel plugin version 1.0.0 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices by utilizing prepared statements for all SQL queries and properly escaping all output, which significantly mitigates common web vulnerabilities. It also shows an absence of known CVEs and a history free of past vulnerabilities, suggesting a generally secure development approach. However, there are notable concerns related to its attack surface and taint analysis. The presence of two AJAX handlers without authentication checks presents a direct avenue for potential unauthorized actions if these handlers are not inherently protected by WordPress's internal capabilities or other means not evident in the provided data. Furthermore, the taint analysis revealed three flows with unsanitized paths, identified as high severity. While not classified as critical, these high-severity unsanitized paths, particularly when combined with unprotected entry points, represent a significant risk that could lead to various exploits if not addressed.

Key Concerns

AJAX handlers without auth checks
High severity unsanitized paths

Vulnerabilities

None known

Zuta Lucky Wheel Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Zuta Lucky Wheel Release Timeline

v1.0.0Current

Code Analysis

Analyzed Apr 16, 2026

Zuta Lucky Wheel Code Analysis

Dangerous Functions

Raw SQL Queries

24 prepared

Unescaped Output

212 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared24 total queries

Output Escaping

100% escaped212 total outputs

Data Flows · Security

3 unsanitized

Data Flow Analysis

10 flows3 with unsanitized paths

render (includes/admin/class-zutalw-admin-display.php:70)

Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized

Attack Surface

2 unprotected

Zuta Lucky Wheel Attack Surface

Entry Points12

Unprotected2

AJAX Handlers 11

authwp_ajax_zutalw_getdataConfigincludes/class-zutalw-ajax.php:17

noprivwp_ajax_zutalw_getdataConfigincludes/class-zutalw-ajax.php:18

authwp_ajax_zutalw_InsCustomerincludes/class-zutalw-ajax.php:20

noprivwp_ajax_zutalw_InsCustomerincludes/class-zutalw-ajax.php:21

authwp_ajax_zutalw_popupincludes/class-zutalw-ajax.php:23

noprivwp_ajax_zutalw_popupincludes/class-zutalw-ajax.php:24

authwp_ajax_zutalw_UpdateConfigincludes/class-zutalw-ajax.php:27

authwp_ajax_zutalw_get_spin_resultincludes/class-zutalw-ajax.php:29

noprivwp_ajax_zutalw_get_spin_resultincludes/class-zutalw-ajax.php:30

authwp_ajax_zutalw_check_limitincludes/class-zutalw-frontend.php:20

noprivwp_ajax_zutalw_check_limitincludes/class-zutalw-frontend.php:21

Shortcodes 1

[zutalw_lucky_spin] includes/class-zutalw-shortcode.php:7

WordPress Hooks 10

actionadmin_initincludes/admin/class-zutalw-admin-customers.php:17

actionadmin_initincludes/admin/class-zutalw-admin-display.php:15

actionadmin_menuincludes/class-zutalw-admin.php:16

actionadmin_enqueue_scriptsincludes/class-zutalw-admin.php:17

actionwp_enqueue_scriptsincludes/class-zutalw-frontend.php:15

actionwp_footerincludes/class-zutalw-frontend.php:16

actionwp_footerincludes/class-zutalw-frontend.php:17

actionwp_footerincludes/class-zutalw-frontend.php:18

actionplugins_loadedzuta-lucky-wheel.php:100

actionplugins_loadedzuta-lucky-wheel.php:108

Maintenance & Trust

Zuta Lucky Wheel Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedFeb 6, 2026

PHP min version7.4

Downloads197

Community Trust

Rating0/100

Number of ratings0

Active installs0

Alternatives

Zuta Lucky Wheel Alternatives

WebToffee eCommerce Marketing Automation – Email marketing, Popups, Email customizer

decorator-woocommerce-email-customizer

Create and send marketing emails and campaigns. Enable email automations, Popups, spin-a-wheel, sign-up forms, and more. Customize WooCommerce emails.

10K 2 CVEs

Hello Bar Popup Builder: Design Engaging Popups on WordPress

hellobar

Easily add a Popup to your WordPress site with the official HelloBar WordPress plugin.

3K 1 unpatched

WP Live Social-Proof

wp-real-time-social-proof

100

The best animated, live, social-proof plugin for WooCommerce, Easy Digital Downloads or webinars and subscriptions to compel buyer action.

100 No CVEs

Useinfluence

useinfluence

UseInfluence uses 'Social Proof Notifications' to give a conversion BOOST to your website's traffic. Our realtime notifications puts a …

50 1 unpatched

Splash Popup for WooCommerce

splash-popup-for-woocommerce

100

If you want to show welcome messages, links, or promos, Splash Popup for WooCommerce is a simple way to boost engagement.

40 No CVEs

Developer Profile

Zuta Lucky Wheel Developer Profile

hatazuwp

1 plugin · 0 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Zuta Lucky Wheel

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/zuta-lucky-wheel/assets/css/style.css/wp-content/plugins/zuta-lucky-wheel/assets/js/wheel.js/wp-content/plugins/zuta-lucky-wheel/assets/js/wheel-admin.js/wp-content/plugins/zuta-lucky-wheel/assets/js/vue.js/wp-content/plugins/zuta-lucky-wheel/assets/js/vue-resource.js

Script Paths

/wp-content/plugins/zuta-lucky-wheel/assets/js/wheel.js/wp-content/plugins/zuta-lucky-wheel/assets/js/wheel-admin.js/wp-content/plugins/zuta-lucky-wheel/assets/js/vue.js/wp-content/plugins/zuta-lucky-wheel/assets/js/vue-resource.js

Version Parameters

zuta-lucky-wheel/assets/css/style.css?ver=zuta-lucky-wheel/assets/js/wheel.js?ver=zuta-lucky-wheel/assets/js/wheel-admin.js?ver=zuta-lucky-wheel/assets/js/vue.js?ver=zuta-lucky-wheel/assets/js/vue-resource.js?ver=

HTML / DOM Fingerprints

CSS Classes

lucky-wheel-canvaszuta-lucky-wheel-container

HTML Comments

+6 more

Data Attributes

data-wheel-iddata-spin-targetdata-wheel-configdata-wheel-optionsdata-wheel-data

JS Globals

ZUTALW_DATAZUTALW_OPTIONSZUTALW_CONFIGZUTALW_WHEEL_DATAZUTALW_WHEEL_IDZUTALW_SPIN_TARGET+3 more

REST Endpoints

/wp-json/zuta-lucky-wheel/v1/spin/wp-json/zuta-lucky-wheel/v1/save-config/wp-json/zuta-lucky-wheel/v1/get-config

Shortcode Output

[zuta_lucky_wheel<div class="zuta-lucky-wheel-container"><div id="lucky-wheel-canvas"></div>

FAQ