[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f2NomyULyg0_X81ClscWUj_9lV6H8HRX7Th3E8FbHjIo":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":27,"vuln_count":28,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":46,"crawl_stats":37,"alternatives":54,"analysis":149,"fingerprints":254},"cookie-law-bar","Cookie Law Bar","1.2.1","richplugins","https:\u002F\u002Fprofiles.wordpress.org\u002Fwidgetpack\u002F","\u003Cp>A simple and lightweight cookie law WordPress plugin for show information that your website uses cookie. Perfect for implementation of EU cookie law!\u003C\u002Fp>\n\u003Cp>Online demo: \u003Ca href=\"http:\u002F\u002Fdemo.richplugins.com\u002F\" rel=\"nofollow ugc\">http:\u002F\u002Fdemo.richplugins.com\u002F\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Feel free to try our other widgets powered by \u003Ca href=\"https:\u002F\u002Fwidgetpack.com\u002F\" rel=\"nofollow ugc\">Widget Pack\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>It’s free\u003C\u002Fli>\n\u003Cli>Adaptive design\u003C\u002Fli>\n\u003Cli>Zero load time\u003C\u002Fli>\n\u003Cli>Smooth slide bottom or top bar\u003C\u002Fli>\n\u003Cli>Changeable: position, message, color, button text\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Support\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>Chat support https:\u002F\u002Fwidgetpack.com\u002Fforum\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Email support contact@widgetpack.com\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n","Cookie Law Bar show bottom or top bar to inform users that your website uses cookie according to EU 
law.",2000,27097,90,4,"2017-11-28T19:18:00.000Z","4.7.32","2.8","",[20,21,22,23,24],"consent","cookie","cookie-bar","cookie-compliance","cookies","https:\u002F\u002Fwidgetpack.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcookie-law-bar.1.2.1.zip",64,1,"2021-05-24 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":37,"severity":39,"cvss_score":40,"cvss_vector":41,"vuln_type":42,"published_date":29,"updated_date":43,"references":44,"days_to_patch":37},"WF-f65cb1f6-e72e-4848-b72c-99b83e5401e8-cookie-law-bar","cookie-law-bar-authenticated-admin-stored-cross-site-scripting","Cookie Law Bar \u003C= 1.2.1 - Authenticated (Admin+) Stored Cross-Site Scripting","The Cookie Law Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.2.1","medium",5.5,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-01-22 
19:56:02",[45],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ff65cb1f6-e72e-4848-b72c-99b83e5401e8?source=api-prod",{"slug":47,"display_name":7,"profile_url":8,"plugin_count":48,"total_installs":49,"avg_security_score":50,"avg_patch_time_days":51,"trust_score":52,"computed_at":53},"widgetpack",5,114400,87,204,70,"2026-04-04T07:05:52.755Z",[55,76,93,106,125],{"slug":22,"name":56,"version":57,"author":58,"author_profile":59,"description":60,"short_description":61,"active_installs":62,"downloaded":63,"rating":64,"num_ratings":65,"last_updated":66,"tested_up_to":67,"requires_at_least":68,"requires_php":18,"tags":69,"homepage":70,"download_link":71,"security_score":72,"vuln_count":73,"unpatched_count":74,"last_vuln_date":75,"fetched_at":30},"Cookie Bar","2.2","Brontobytes","https:\u002F\u002Fprofiles.wordpress.org\u002Fbrontobytes\u002F","\u003Cp>A simple, lightweight WordPress plugin for displaying a discreet notification bar that is dismissable and the dismissal is saved by cookie. Perfect for implementing the EU cookie law (GDPR)!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>The Cookie Bar plugin creates a small bar at the bottom of the website with a short customizable message about cookies and an accept button.\u003C\u002Fstrong> Once a visitor has accepted the Cookie Bar, it then disappears.\u003C\u002Fp>\n\u003Cp>Feel free to try out the plugin through our installation of \u003Ca href=\"https:\u002F\u002Fwww.brontobytes.com\u002Fblog\u002Fcookie-bar-free-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Cookie Bar\u003C\u002Fa>.\u003C\u002Fp>\n\u003Cp>Troubleshooting: If you or your visitors are using an adblocker that can block cookie bars, the bar may not show up. 
Whitelist your website in your adblocker’s browser add-on\u002Fextension.\u003C\u002Fp>\n","Cookie Bar allows you to discreetly inform visitors that your website uses cookies.",10000,170028,98,22,"2025-10-29T18:54:00.000Z","6.8.5","3.8",[20,21,22,23,24],"https:\u002F\u002Fwww.brontobytes.com\u002Fblog\u002Fcookie-bar-free-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcookie-bar.2.2.zip",99,2,0,"2023-10-24 00:00:00",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":74,"num_ratings":74,"last_updated":86,"tested_up_to":87,"requires_at_least":88,"requires_php":18,"tags":89,"homepage":90,"download_link":91,"security_score":92,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"simple-cookie-law","Simple Cookie Law","0.0.1","snagysandor","https:\u002F\u002Fprofiles.wordpress.org\u002Fsnagysandor\u002F","\u003Cp>Simple Cookie Law\u003C\u002Fp>\n\u003Cp>A simple and lightweight cookie law plugin for show information that your website uses cookie. 
Don’t use Jquery, all elements build in HTML source and you can use transparent colors.\u003C\u002Fp>\n","Cookie law notification on your page.",10,5872,"2017-08-24T08:18:00.000Z","4.8.28","4.0",[20,21,22,23,24],"https:\u002F\u002Foktatas.nagysandor.org\u002Fsimple-cookie-law\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-cookie-law.0.0.1.zip",85,{"slug":94,"name":95,"version":96,"author":97,"author_profile":98,"description":99,"short_description":100,"active_installs":74,"downloaded":101,"rating":74,"num_ratings":74,"last_updated":102,"tested_up_to":103,"requires_at_least":68,"requires_php":18,"tags":104,"homepage":18,"download_link":105,"security_score":92,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"zedna-cookies-bar","Zedna Cookies Bar","1.4.2","Radek Mezulanik","https:\u002F\u002Fprofiles.wordpress.org\u002Fzedna\u002F","\u003Cp>Small cookies bar to inform visitors that your website uses cookies without being too disturbing.\u003Cbr \u002F>\nUser can setup colors of text, bar and button. You can also choose to show bar at the top or bottom of the page. You can also add custom css.\u003Cbr \u002F>\nAnd frontend is independent on jQuery.\u003C\u002Fp>\n","Lightweight cookies bar to inform visitors that your website uses cookies without being too disturbing. 
Frontend is independent on jQuery.",1036,"2020-07-09T11:00:00.000Z","5.4.19",[20,21,22,23,24],"https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fzedna-cookies-bar.zip",{"slug":107,"name":108,"version":109,"author":110,"author_profile":111,"description":112,"short_description":113,"active_installs":11,"downloaded":114,"rating":115,"num_ratings":116,"last_updated":117,"tested_up_to":118,"requires_at_least":68,"requires_php":18,"tags":119,"homepage":123,"download_link":124,"security_score":92,"vuln_count":74,"unpatched_count":74,"last_vuln_date":37,"fetched_at":30},"eu-cookie-law-compliance","EU Cookie Law Compliance","1.0.3","Damian Góra","https:\u002F\u002Fprofiles.wordpress.org\u002Fdamian-gora\u002F","\u003Cp>Relevant and universal banner informs visitors about the acceptance of cookies.\u003Cbr \u002F>\nIncludes 4 different flexible layouts, easy to customize.\u003Cbr \u002F>\nIf you are searching a great looking cookie law bar, your search ends here.\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>It is \u003Cstrong>fully adjustable\u003C\u002Fstrong>. 
You can fits bar for your own website’s style – change the background, text and buttons colors\u003C\u002Fli>\n\u003Cli>You can decide about \u003Cstrong>location of your cookies\u003C\u002Fstrong> – place the cookie bar in either the header or the footer\u003C\u002Fli>\n\u003Cli>You can choose \u003Cstrong>Cookie expiry days\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>You can edit \u003Cstrong>title and message\u003C\u002Fstrong> of your own cookies\u003C\u002Fli>\n\u003Cli>You can hide or show \u003Cstrong>refuse button\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>You can edit appearance and disappearance of \u003Cstrong>cookie bar effect\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>You can set the \u003Cstrong>duration time\u003C\u002Fstrong> and set \u003Cstrong>start time\u003C\u002Fstrong>\u003C\u002Fli>\n\u003Cli>The plugin is \u003Cstrong>Responsive Web Design\u003C\u002Fstrong> it means compatible with across a wide range of devices\u003C\u002Fli>\n\u003Cli>WPML compatible;\u003C\u002Fli>\n\u003C\u002Ful>\n","Elegant and responsive EU Cookie Law Compliance.",23905,96,9,"2019-04-27T20:30:00.000Z","5.1.22",[22,120,23,121,122],"cookie-categories","cookie-consent","cookie-law","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Feu-cookie-law-compliance","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feu-cookie-law-compliance.1.0.3.zip",{"slug":126,"name":127,"version":128,"author":129,"author_profile":130,"description":131,"short_description":132,"active_installs":133,"downloaded":134,"rating":115,"num_ratings":135,"last_updated":136,"tested_up_to":137,"requires_at_least":138,"requires_php":139,"tags":140,"homepage":144,"download_link":145,"security_score":146,"vuln_count":147,"unpatched_count":74,"last_vuln_date":148,"fetched_at":30},"cookie-notice","Cookie Notice & Compliance for GDPR \u002F CCPA","2.5.14","Humanityco","https:\u002F\u002Fprofiles.wordpress.org\u002Fhumanityco\u002F","\u003Cp>\u003Cstrong>Cookie Notice\u003C\u002Fstrong> provides a 
simple, customizable website banner that can be used to help your website comply with certain cookie consent requirements under the EU GDPR cookie law and CCPA regulations and includes \u003Cstrong>seamless integration\u003C\u002Fstrong> with Cookie Compliance to help your site comply with the latest updates to existing consent laws.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cookie Compliance\u003C\u002Fstrong> is a fully featured Consent Management Platform (CMP) that provides automated compliance features and enhanced design controls in a state-of-the-art web application. Cookie Compliance enables websites to \u003Cstrong>take a proactive approach to data protection and consent laws\u003C\u002Fstrong>. It is the first solution to offer Intentional Consent, a new consent framework that incorporates the latest guidelines from over 100+ countries, and emerging standards from leading international organizations like the IEEE and European Center for Digital Rights (noyb.eu). Cookie Compliance provides a beautiful, multi-level experience and includes new choices and controls for site visitors to better understand and engage in data privacy decisions.\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>Our Cookie Compliance web application introduces a more ethical, proactive way to capture and manage consent.  This early version of the emerging Intentional Consent framework is a result of Hu-manity.co’s ongoing work with top Fortune 500 companies, governments, and standards organizations, who believe that the imbalanced relationship between consumers and corporations is unsustainable when it comes to data privacy and consent online. 
We are making it available for all website owners and operators who share this belief and support our mission to eliminate the dark patterns in online consent.\u003Cbr \u002F>\n  Matt Sinderbrand – Chief Platform Officer, Hu-manity.co\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch3>Cookie Notice (plugin only)\u003C\u002Fh3>\n\u003Cp>Cookie Notice provides a simple, customizable website banner to help your website comply with certain cookie consent requirements.\u003C\u002Fp>\n\u003Ch4>Banner features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Customizable notice message\u003C\u002Fli>\n\u003Cli>Consent on click, scroll or close\u003C\u002Fli>\n\u003Cli>Multiple cookie expiry options\u003C\u002Fli>\n\u003Cli>Link to Privacy Policy page\u003C\u002Fli>\n\u003Cli>WordPress Privacy Policy page synchronization\u003C\u002Fli>\n\u003Cli>WPML and Polylang compatible\u003C\u002Fli>\n\u003Cli>SEO friendly\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Cookie Compliance (plugin + web application)\u003C\u002Fh3>\n\u003Cp>Cookie Compliance gives you access to the most up-to-date formatting guidelines and technical compliance requirements for over 100 countries and legal jurisdictions.\u003C\u002Fp>\n\u003Ch4>Banner features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Intentional Consent\u003C\u002Fstrong> provides 3 equal buttons to give site visitors the ability to accept none, some, or all cookies through packaged choices called Data Access Levels. Data Access Levels improve consent conversion and eliminate the dark pattern of deceptive, non-equal choices in the first layer. \u003Cem>Complies with equal choice principle prescribed under GDPR and other data protection laws.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Consent duration selector\u003C\u002Fstrong> gives visitor control over how long their consent remains valid for your site.  
\u003Cem>Enables your site to align with recent guidelines from EU Data Protection Authorities, which state that cookie consent should be valid for no longer than a period of 6 months.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Cookie purpose categories\u003C\u002Fstrong> make it easy for website visitors to customize their consent by category. \u003Cem>Complies with affirmative, opt-in consent requirements prescribed under GDPR and other data protection laws.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Consent metrics\u003C\u002Fstrong> displays the visitor’s consent record and a list of blocked \u002F allowed 3rd parties directly in the expanded level of the banner. \u003Cem>Complies with latest guidance from EU Data Protection Authorities like CNIL (France) and ICO (UK). \u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Customizable Privacy Paper\u003C\u002Fstrong> provides helpful information to improve visitor comprehension and understanding of the data sharing risks and benefits. Allows you to summarize core components of your sites privacy notice and \u003Cem>aligns with the informed principle prescribed by GDPR rules for valid consent capture. \u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Configurable Privacy Contact\u003C\u002Fstrong> allows you to provide contact information for a business’ data privacy admin, as well as helpful links to data subject request forms and other data privacy resources. \u003Cem>Aligns with the informed principle prescribed by GDPR rules for valid consent capture.\u003C\u002Fem>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Web Application features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\u003Cstrong>Consent analytics dashboard\u003C\u002Fstrong> shows event data for number of visits and provides a “trust score” to help you track how site visitors are setting their consent. 
Make adjustments to your banner to improve your cookie acceptance rate and monitor progress via the consent activity graph.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Default configurations\u003C\u002Fstrong> for GDPR, CCPA and more help to remove dark patterns and allow for quick and easy deployment of the consent banner without any guesswork. Customize the design of any default configuration to match the look and feel of your site.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Automatic script blocking\u003C\u002Fstrong> blocks all non-essential cookie scripts and iFrames by default and \u003Cem>complies with valid consent rules under GDPR and other data protection laws\u003C\u002Fem>; in order to be compliant, your site must record visitor consent before setting or sending cookies.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Google Consent Mode\u003C\u002Fstrong> ensures that your website can still gather valuable insights and perform effectively while respecting users’ privacy preferences by \u003Cem>dynamically adjusting the behavior of Google services according to user consent.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Facebook Consent Mode\u003C\u002Fstrong> allows your website to \u003Cem>measure the impact of your ads on Facebook\u003C\u002Fem>, track website activities and conversions and automatically deliver ads to Facebook if the user has agreed to.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Consent record storage\u003C\u002Fstrong> automatically stores a record of each consent and makes these records available for export. 
\u003Cem>Complies with proof-of-consent requirements prescribed under GDPR and other data protection laws.\u003C\u002Fem>\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multilingual support\u003C\u002Fstrong> automatically translates all banner text strings and allows you to provide custom translations for every text field to ensure visitors get a consistent consent experience.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multidomain management\u003C\u002Fstrong> allows you to manage additional Free or Professional domains under a single account and enables you to customize banner configuration and design for each domain independently.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Cookie Compliance proactive approach:\u003C\u002Fh4>\n\u003Cp>For all businesses, the resources required to stay ahead of the latest regulations increases with the passage of each new law. With enforcement of compliance violations increasing daily, we believe it is critical for us as a trusted consent vendor to do everything in our power to help you stay ahead of these laws and remove the risk to your business\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Cookie Compliance covers all current and upcoming regulations:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>GDPR (EU)\u003C\u002Fli>\n\u003Cli>ePrivacy Directive (EU)\u003C\u002Fli>\n\u003Cli>ePrivacy Regulation (EU)\u003C\u002Fli>\n\u003Cli>PECR (UK)\u003C\u002Fli>\n\u003Cli>LGPD (Brazil)\u003C\u002Fli>\n\u003Cli>PIPEDA (Canada)\u003C\u002Fli>\n\u003Cli>PDPB (India)\u003C\u002Fli>\n\u003Cli>CCPA (California, US)\u003C\u002Fli>\n\u003Cli>VCDPA (Virginia, US)\u003C\u002Fli>\n\u003Cli>Colorado Privacy Act (US)\u003C\u002Fli>\n\u003Cli>CPRA (California, US)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Cookie Compliance incorporates all recent formatting guidance:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>European Data Protection Supervisor (EDPS)\u003C\u002Fli>\n\u003Cli>ICO (United Kingdom)\u003C\u002Fli>\n\u003Cli>CNIL 
(France)\u003C\u002Fli>\n\u003Cli>GPDP (Italy)\u003C\u002Fli>\n\u003Cli>BfDl (Germany)\u003C\u002Fli>\n\u003Cli>AEPD (Spain)\u003C\u002Fli>\n\u003Cli>European Center for Digital Rights (noyb.eu)\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Cookie Compliance targets dark patterns\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Dark Patterns are user interface (UI) techniques that push site visitors to make decisions (such as agreeing to the installation of cookies on their devices) that they might not otherwise make. The most common Dark Pattern is the lack of an equal “reject all” button on the first layer of the consent notice. Dark Patterns are explicitly banned under GDPR and other data protection laws.\u003C\u002Fp>\n\u003Cp>As a part of our proactive approach, Cookie Compliance is configured by default to prevent Dark Patterns through our unique Intentional Consent design.\u003C\u002Fp>\n","Cookie Notice allows you to you elegantly inform users that your site uses cookies and helps you comply with GDPR, CCPA and other data privacy laws.",900000,36171663,3020,"2026-03-04T01:02:00.000Z","6.9.4","4.9.6","7.4",[141,20,24,142,143],"ccpa","gdpr","privacy","https:\u002F\u002Fcookie-compliance.co\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcookie-notice.2.5.14.zip",95,6,"2025-11-21 
16:28:14",{"attackSurface":150,"codeSignals":178,"taintFlows":227,"riskAssessment":245,"analyzedAt":253},{"hooks":151,"ajaxHandlers":174,"restRoutes":175,"shortcodes":176,"cronEvents":177,"entryPointCount":74,"unprotectedCount":74},[152,158,162,166,170],{"type":153,"name":154,"callback":155,"file":156,"line":157},"action","activate_cookie-law-bar\u002Fcookie-law-bar.php","clb_default_setting","cookie-law-bar.php",59,{"type":153,"name":159,"callback":160,"file":156,"line":161},"admin_menu","clb_setting_menu",72,{"type":163,"name":164,"callback":165,"priority":84,"file":156,"line":50},"filter","plugin_action_links","clb_plugin_action_links",{"type":153,"name":167,"callback":168,"file":156,"line":169},"wp_enqueue_scripts","clb_static",101,{"type":153,"name":171,"callback":172,"file":156,"line":173},"wp_footer","clb_output_footer",112,[],[],[],[],{"dangerousFunctions":179,"sqlUsage":180,"outputEscaping":182,"fileOperations":74,"externalRequests":74,"nonceChecks":28,"capabilityChecks":28,"bundledLibraries":226},[],{"prepared":74,"raw":74,"locations":181},[],{"escaped":183,"rawEcho":184,"locations":185},12,20,[186,190,192,194,196,198,200,202,204,206,208,210,212,214,216,218,220,222,224,225],{"file":187,"line":188,"context":189},"cookie-law-bar-setting.php",137,"raw 
output",{"file":187,"line":191,"context":189},139,{"file":187,"line":193,"context":189},146,{"file":187,"line":195,"context":189},148,{"file":187,"line":197,"context":189},152,{"file":187,"line":199,"context":189},155,{"file":187,"line":201,"context":189},156,{"file":187,"line":203,"context":189},161,{"file":187,"line":205,"context":189},163,{"file":187,"line":207,"context":189},167,{"file":187,"line":209,"context":189},169,{"file":187,"line":211,"context":189},173,{"file":187,"line":213,"context":189},175,{"file":187,"line":215,"context":189},179,{"file":187,"line":217,"context":189},181,{"file":187,"line":219,"context":189},185,{"file":187,"line":221,"context":189},187,{"file":156,"line":223,"context":189},108,{"file":156,"line":223,"context":189},{"file":156,"line":223,"context":189},[],[228],{"entryPoint":229,"graph":230,"unsanitizedCount":74,"severity":244},"\u003Ccookie-law-bar-setting> (cookie-law-bar-setting.php:0)",{"nodes":231,"edges":241},[232,236],{"id":233,"type":234,"label":235,"file":187,"line":72},"n0","source","$_POST[$opt]",{"id":237,"type":238,"label":239,"file":187,"line":72,"wp_function":240},"n1","sink","update_option() [Settings Manipulation]","update_option",[242],{"from":233,"to":237,"sanitized":243},true,"low",{"summary":246,"deductions":247},"The \"cookie-law-bar\" plugin v1.2.1 exhibits a mixed security posture. On the positive side, the static analysis reveals no immediately apparent major vulnerabilities related to a broad attack surface, dangerous functions, raw SQL queries, file operations, or external HTTP requests. The presence of a nonce check and a capability check, along with 100% of SQL queries using prepared statements, are good security practices. 
However, a significant concern arises from the output escaping, where only 38% of outputs are properly escaped, indicating a potential for Cross-Site Scripting (XSS) vulnerabilities that were not fully captured or mitigated by the taint analysis in this specific version.\n\nThe vulnerability history for this plugin is a notable red flag. It shows one known CVE, which is currently unpatched, and categorized as medium severity. The common vulnerability type being Cross-Site Scripting directly aligns with the concerns raised by the insufficient output escaping found during static analysis. The fact that this vulnerability is unpatched suggests a lack of ongoing maintenance and security responsiveness from the plugin developers. While the current static analysis might not directly pinpoint this specific unpatched vulnerability, its historical presence strongly suggests a persistent risk that users of this version are exposed to.\n\nIn conclusion, while the code in v1.2.1 doesn't present an extremely large or complex attack surface, the poor output escaping and the existence of an unpatched medium-severity XSS vulnerability in its history make it a moderate to high risk. Users should be aware of the potential for XSS attacks and the lack of recent security updates. 
The strengths lie in its limited attack vectors and use of prepared statements, but these are overshadowed by the identified security weaknesses.",[248,251],{"reason":249,"points":250},"Unpatched medium severity CVE",17,{"reason":252,"points":147},"Low output escaping percentage","2026-03-16T18:38:34.461Z",{"wat":255,"direct":264},{"assetPaths":256,"generatorPatterns":259,"scriptPaths":260,"versionParams":261},[257,258],"\u002Fwp-content\u002Fplugins\u002Fcookie-law-bar\u002Fstatic\u002Fcss\u002Fcookie-law-bar.css","\u002Fwp-content\u002Fplugins\u002Fcookie-law-bar\u002Fstatic\u002Fjs\u002Fcookie-law-bar.js",[],[258],[262,263],"cookie-law-bar.js?ver=","cookie-law-bar.css?ver=",{"cssClasses":265,"htmlComments":266,"htmlAttributes":268,"restEndpoints":271,"jsGlobals":272,"shortcodeOutput":273},[4],[56,267],"End Cookie Bar",[269,270],"id=\"cookie-law-bar\"","id=\"cookie-law-btn\"",[],[],[]]