AM Cookies Security & Risk Analysis

wordpress.org/plugins/am-cookies

Simple and versatile GDPR compatible Cookie Compliance Plugin for WordPress.

0 active installs · v1.2.12 · PHP 7.2+ · WP 5.9+ · Updated: Unknown
Tags: analytics, cookies, gdpr, retargetting, tracking
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is AM Cookies Safe to Use in 2026?

Generally Safe

Score 100/100

AM Cookies has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "am-cookies" plugin version 1.2.12 exhibits a generally good security posture in several key areas. Static analysis found no dangerous functions and no SQL queries that bypass prepared statements, and all output is properly escaped. The plugin also performs no file operations and makes no external HTTP requests, further limiting potential attack vectors. There is no recorded vulnerability history, indicating a mature and well-maintained codebase.

However, a significant concern arises from the identified attack surface. The plugin exposes two REST API routes, GET and POST on /wp-json/am-cookies-settings/v1/options, without any permission callbacks. Any unauthenticated user can therefore potentially interact with these endpoints, which is a serious security risk if they handle sensitive data or perform actions that could be exploited. While taint analysis shows no identified issues, the lack of authentication on REST API routes is a critical oversight that bypasses standard WordPress security practices.

In conclusion, while "am-cookies" demonstrates strong coding hygiene in many aspects, the unprotected REST API endpoints are a major weakness that needs immediate attention: both routes should implement proper permission checks. The lack of historical vulnerabilities is a positive sign, but the current attack surface presents a clear and present danger that overshadows the other positive findings.

Key Concerns

  • REST API routes exposed without permission checks
Vulnerabilities
None known

AM Cookies Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

AM Cookies Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 0 (28 escaped)
Nonce Checks: 0
Capability Checks: 3
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

100% escaped (28 total outputs)
Attack Surface
2 unprotected

AM Cookies Attack Surface

Entry Points: 2
Unprotected: 2

REST API Routes (2)

  • GET /wp-json/am-cookies-settings/v1/options (includes\rest-api.php:27)
  • POST /wp-json/am-cookies-settings/v1/options (includes\rest-api.php:40)

WordPress Hooks (5)

  • action admin_menu (includes\admin.php:17)
  • action admin_enqueue_scripts (includes\admin.php:18)
  • action wp_enqueue_scripts (includes\frontend.php:9)
  • action wp_body_open (includes\frontend.php:78)
  • action rest_api_init (includes\rest-api.php:17)
Maintenance & Trust

AM Cookies Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Unknown
PHP min version: 7.2
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

AM Cookies Developer Profile

Johan Martin Aarstein

2 plugins · 800 total installs

Trust score: 100
Avg Security Score: 100/100
Avg Patch Time: 1 day
Detection Fingerprints

How We Detect AM Cookies

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/am-cookies/build/settings.js
  • /wp-content/plugins/am-cookies/scripts/am-gdpr.min.js
  • /wp-content/plugins/am-cookies/scripts/add-text.js
  • /wp-content/plugins/am-cookies/styles/dist/admin.min.css
  • /wp-content/plugins/am-cookies/styles/dist/preview.min.css

Script Paths

  • scripts/am-gdpr.min.js
  • scripts/add-text.js
  • build/settings.js

Version Parameters

  • am-cookies/scripts/am-gdpr.min.js?ver=
  • am-cookies/scripts/add-text.js?ver=
  • am-cookies/build/settings.js?ver=

HTML / DOM Fingerprints

Data Attributes
alignPrompt, alignMiniPrompt, accentColor, backgroundColor, fontFamily, borderWidth (+5 more)
JS Globals
aamd_cookies, aamd_cookies_admin, aamd_cookies_frontend, amCookiesElement
REST Endpoints
/wp-json/am-cookies-settings/v1/options
Shortcode Output
<am-cookies