WP-Safety

CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice) Security & Risk Analysis

wordpress.org/plugins/cookie-law-info

Easily set up cookie banner or notice in WordPress, and policy pages for compliance with global cookie laws (GDPR, DSGVO, RGPD, CCPA/CPRA, etc).

1.0M active installs v3.4.0 PHP 5.6+ WP 5.0.0+ Updated Jan 29, 2026
cookiecookie-bannercookie-consentcookie-noticegdpr
100
A · Safe
CVEs total1
Unpatched0
Last CVEFeb 11, 2020
Plugin page Download
Safety Verdict

Is CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice) Safe to Use in 2026?

Generally Safe

Score 100/100

CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice) has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: Feb 11, 2020Updated 2mo ago
Risk Assessment

The "cookie-law-info" plugin version 3.4.0 exhibits a mixed security posture. While it demonstrates good practices in SQL query sanitization (74% prepared statements) and a significant number of capability checks (36), there are notable areas of concern. The presence of 5 taint flows with unsanitized paths, all categorized as high severity, is a critical finding that warrants immediate attention as it suggests potential vulnerabilities like Cross-Site Scripting (XSS) or other forms of code injection.

Furthermore, the plugin has one REST API route without a permission callback, and a total of 20 entry points with one left unprotected. While the plugin has a low number of file operations (3) and external HTTP requests (9), the high number of unsanitized taint flows overshadows these strengths. The vulnerability history, while showing no currently unpatched CVEs, does list one medium severity vulnerability from 2020 related to Cross-Site Scripting, indicating a past susceptibility to this type of attack. The overall picture is that of a plugin with some solid security foundations but with critical flaws in input sanitization that could be exploited.

Key Concerns

  • High severity taint flows with unsanitized paths
  • REST API route without permission callback
  • Unprotected entry point (REST API)
  • 70% output escaping
  • Past medium severity XSS vulnerability
Vulnerabilities
1

CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice) Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2020-20633medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GDPR Cookie Consent & Compliance Notice <= 1.8.2 - Authenticated Stored Cross-Site Scripting and Authorization Bypass

Feb 11, 2020 Patched in 1.8.3 (1442d)
Code Analysis
Analyzed Mar 16, 2026

CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice) Code Analysis

Dangerous Functions
0
Raw SQL Queries
22
63 prepared
Unescaped Output
352
810 escaped
Nonce Checks
27
Capability Checks
36
File Operations
3
External Requests
9
Bundled Libraries
0

SQL Query Safety

74% prepared85 total queries

Output Escaping

70% escaped1162 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

14 flows5 with unsanitized paths
admin_settings_page (legacy\admin\class-cookie-law-info-admin.php:272)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice) Attack Surface

Entry Points20
Unprotected1

AJAX Handlers 5

authwp_ajax_cli_policy_generatorlegacy\admin\modules\cli-policy-generator\classes\class-policy-generator-ajax.php:9
authwp_ajax_cli_cookie_scanerlegacy\admin\modules\cookie-scaner\classes\class-cookie-law-info-cookie-scanner-ajax.php:14
authwp_ajax_cookieyes_ajax_main_controllerlegacy\includes\class-cookie-law-info-cookieyes.php:89
authwp_ajax_wt_cli_change_plugin_statuslegacy\public\modules\script-blocker\script-blocker.php:67
authwp_ajax_cli_change_script_categorylegacy\public\modules\script-blocker\script-blocker.php:73

REST API Routes 1

POST/wp-json/cookieyes/v1/fetch_resultslegacy\admin\modules\cookie-scaner\cookie-scaner.php:67

Shortcodes 14

[wt_cli_ccpa_optout] legacy\admin\modules\ccpa\ccpa.php:57
[delete_cookies] legacy\public\modules\shortcode\shortcode.php:35
[cookie_audit] legacy\public\modules\shortcode\shortcode.php:36
[cookie_accept] legacy\public\modules\shortcode\shortcode.php:37
[cookie_reject] legacy\public\modules\shortcode\shortcode.php:38
[cookie_settings] legacy\public\modules\shortcode\shortcode.php:39
[cookie_link] legacy\public\modules\shortcode\shortcode.php:40
[cookie_button] legacy\public\modules\shortcode\shortcode.php:41
[cookie_after_accept] legacy\public\modules\shortcode\shortcode.php:42
[user_consent_state] legacy\public\modules\shortcode\shortcode.php:43
[webtoffee_powered_by] legacy\public\modules\shortcode\shortcode.php:44
[cookie_close] legacy\public\modules\shortcode\shortcode.php:45
[wt_cli_manage_consent] legacy\public\modules\shortcode\shortcode.php:46
[cookie_accept_all] legacy\public\modules\shortcode\shortcode.php:47
WordPress Hooks 156
actionadmin_print_footer_scriptscookie-law-info.php:91
actionin_plugin_update_message-cookie-law-info/cookie-law-info.phpcookie-law-info.php:120
actionadmin_initlegacy\admin\class-cookie-law-info-admin.php:71
actionwt_cli_initialize_pluginlegacy\admin\class-cookie-law-info-admin.php:74
actionwt_cli_ccpa_settingslegacy\admin\modules\ccpa\ccpa.php:51
actionwp_enqueue_scriptslegacy\admin\modules\ccpa\ccpa.php:52
actionwt_cli_before_cookie_messagelegacy\admin\modules\ccpa\ccpa.php:53
filterwt_cli_before_save_settingslegacy\admin\modules\ccpa\ccpa.php:54
filterwt_cli_plugin_settingslegacy\admin\modules\ccpa\ccpa.php:55
filteradmin_enqueue_scriptslegacy\admin\modules\ccpa\ccpa.php:56
filterthe_postslegacy\admin\modules\cli-policy-generator\classes\class-preview-page.php:16
actionadmin_bar_menulegacy\admin\modules\cli-policy-generator\classes\class-preview-page.php:70
actionwp_footerlegacy\admin\modules\cli-policy-generator\classes\class-preview-page.php:71
actionadmin_menulegacy\admin\modules\cli-policy-generator\cli-policy-generator.php:19
filterdisplay_post_stateslegacy\admin\modules\cli-policy-generator\cli-policy-generator.php:20
actionwt_cli_ckyes_abort_scanlegacy\admin\modules\cookie-scaner\classes\class-cookie-law-info-cookie-scanner-ajax.php:15
actionadmin_menulegacy\admin\modules\cookie-scaner\cookie-scaner.php:58
actionwt_cli_cookie_scanner_bodylegacy\admin\modules\cookie-scaner\cookie-scaner.php:59
actioninitlegacy\admin\modules\cookie-scaner\cookie-scaner.php:60
filterwt_cli_cookie_scan_statuslegacy\admin\modules\cookie-scaner\cookie-scaner.php:61
actionwt_cli_initialize_pluginlegacy\admin\modules\cookie-scaner\cookie-scaner.php:63
actionrest_api_initlegacy\admin\modules\cookie-scaner\cookie-scaner.php:64
actioninitlegacy\admin\modules\cookies\cookies.php:24
actionadmin_initlegacy\admin\modules\cookies\cookies.php:25
actionadmin_menulegacy\admin\modules\cookies\cookies.php:26
actioncreate_cookielawinfo-categorylegacy\admin\modules\cookies\cookies.php:27
actionedited_cookielawinfo-categorylegacy\admin\modules\cookies\cookies.php:28
actioncookielawinfo-category_add_form_fieldslegacy\admin\modules\cookies\cookies.php:29
actioncookielawinfo-category_edit_form_fieldslegacy\admin\modules\cookies\cookies.php:30
actionsave_postlegacy\admin\modules\cookies\cookies.php:31
actionmanage_edit-cookielawinfo_columnslegacy\admin\modules\cookies\cookies.php:32
actionmanage_posts_custom_columnlegacy\admin\modules\cookies\cookies.php:33
actionadmin_enqueue_scriptslegacy\admin\modules\cookies\cookies.php:34
actionadmin_initlegacy\admin\modules\cookies\cookies.php:35
actionwt_cli_before_cookie_scanner_headerlegacy\admin\modules\cookies\cookies.php:37
actionwt_cli_initialize_pluginlegacy\admin\modules\cookies\cookies.php:38
actionwt_cli_after_cookie_category_migrationlegacy\admin\modules\cookies\cookies.php:39
filterwt_cli_cookie_categorieslegacy\admin\modules\cookies\cookies.php:54
actionadmin_footerlegacy\admin\modules\uninstall-feedback\uninstall-feedback.php:39
actionrest_api_initlegacy\admin\modules\uninstall-feedback\uninstall-feedback.php:41
actioninitlegacy\includes\class-cookie-law-info-activator.php:39
actioninitlegacy\includes\class-cookie-law-info-cookieyes.php:88
actionwt_cli_after_advanced_settingslegacy\includes\class-cookie-law-info-cookieyes.php:90
actionadmin_enqueue_scriptslegacy\includes\class-cookie-law-info-cookieyes.php:91
actionadmin_footerlegacy\includes\class-cookie-law-info-cookieyes.php:99
filterwt_cli_enable_ckyes_brandinglegacy\includes\class-cookie-law-info-cookieyes.php:100
filterwt_cli_ckyes_account_widgetlegacy\includes\class-cookie-law-info-cookieyes.php:101
filterget_termlegacy\includes\class-cookie-law-info-languages.php:132
actioninitlegacy\includes\class-cookie-law-info-review-request.php:50
actionadmin_noticeslegacy\includes\class-cookie-law-info-review-request.php:51
actionadmin_print_footer_scriptslegacy\includes\class-cookie-law-info-review-request.php:52
filteradmin_footer_textlegacy\includes\class-cookie-law-info-review-request.php:55
actionadmin_initlegacy\includes\class-cookie-law-info.php:85
actionadmin_noticeslegacy\includes\class-cookie-law-info.php:86
actioninitlegacy\includes\class-cookie-law-info.php:170
actionadmin_menulegacy\includes\class-cookie-law-info.php:185
actionadmin_menulegacy\includes\class-cookie-law-info.php:187
actionadmin_enqueue_scriptslegacy\includes\class-cookie-law-info.php:192
actionadmin_enqueue_scriptslegacy\includes\class-cookie-law-info.php:193
actionwp_enqueue_scriptslegacy\includes\class-cookie-law-info.php:213
actionwp_enqueue_scriptslegacy\includes\class-cookie-law-info.php:214
actiontemplate_redirectlegacy\includes\class-cookie-law-info.php:215
actionwp_footerlegacy\includes\class-cookie-law-info.php:219
actionwp_headlegacy\includes\class-cookie-law-info.php:220
actionwp_footerlegacy\includes\class-cookie-law-info.php:221
filterwt_cli_third_party_scriptslegacy\public\modules\script-blocker\integrations\facebook-for-wordpress.php:6
filterwt_cli_third_party_scriptslegacy\public\modules\script-blocker\integrations\google-analytics-for-wordpress.php:6
filterwt_cli_third_party_scriptslegacy\public\modules\script-blocker\integrations\instagram-feed.php:6
filterwt_cli_third_party_scriptslegacy\public\modules\script-blocker\integrations\twitter-feed.php:6
actioninitlegacy\public\modules\script-blocker\script-blocker.php:62
actionactivated_pluginlegacy\public\modules\script-blocker\script-blocker.php:65
actionadmin_menulegacy\public\modules\script-blocker\script-blocker.php:66
actionadmin_initlegacy\public\modules\script-blocker\script-blocker.php:68
actionwt_cli_after_advanced_settingslegacy\public\modules\script-blocker\script-blocker.php:69
actionwt_cli_ajax_settings_updatelegacy\public\modules\script-blocker\script-blocker.php:70
actionwt_cli_after_cookie_category_migrationlegacy\public\modules\script-blocker\script-blocker.php:74
actiontemplate_redirectlegacy\public\modules\script-blocker\script-blocker.php:82
actionshutdownlegacy\public\modules\script-blocker\script-blocker.php:83
actionwp_footerlegacy\public\modules\shortcode\shortcode.php:87
actionadmin_menulite\admin\class-admin.php:92
actionadmin_initlite\admin\class-admin.php:93
actionactivated_pluginlite\admin\class-admin.php:94
filteradmin_body_classlite\admin\class-admin.php:95
actionadmin_print_scriptslite\admin\class-admin.php:97
actionrest_api_initlite\admin\modules\banners\api\class-api.php:56
actionadmin_initlite\admin\modules\banners\class-banners.php:41
actioncky_after_update_bannerlite\admin\modules\banners\class-banners.php:42
actionadmin_initlite\admin\modules\banners\class-banners.php:43
actionadmin_initlite\admin\modules\banners\class-banners.php:44
filtercky_registered_admin_menuslite\admin\modules\banners\class-banners.php:45
actioncky_reinstall_tableslite\admin\modules\banners\class-banners.php:46
actioncky_reset_settingslite\admin\modules\banners\includes\class-template.php:138
actioncky_after_update_bannerlite\admin\modules\banners\includes\class-template.php:139
actioncky_after_update_cookie_categorylite\admin\modules\banners\includes\class-template.php:140
actioncky_after_update_cookielite\admin\modules\banners\includes\class-template.php:141
actioncky_clear_cachelite\admin\modules\banners\includes\class-template.php:142
actionrest_api_initlite\admin\modules\bfcm-banner\class-bfcm-banner.php:124
actionplugins_loadedlite\admin\modules\cache\class-cache.php:29
actioncky_after_update_bannerlite\admin\modules\cache\services\class-services.php:34
actioncky_after_update_cookielite\admin\modules\cache\services\class-services.php:35
actioncky_after_update_cookie_categorylite\admin\modules\cache\services\class-services.php:36
actioncky_after_connectlite\admin\modules\cache\services\class-services.php:37
actioncky_after_update_settingslite\admin\modules\cache\services\class-services.php:38
actioncky_after_activatelite\admin\modules\cache\services\class-services.php:39
actioncky_clear_cachelite\admin\modules\cache\services\class-services.php:40
actionadmin_noticeslite\admin\modules\connect-banner\class-connect-banner.php:67
actionadmin_print_footer_scriptslite\admin\modules\connect-banner\class-connect-banner.php:68
actionrest_api_initlite\admin\modules\consentlogs\api\class-api.php:48
filtercky_registered_admin_menuslite\admin\modules\consentlogs\class-consentlogs.php:41
actionrest_api_initlite\admin\modules\cookies\api\class-categories-api.php:49
actionrest_api_initlite\admin\modules\cookies\api\class-cookies-api.php:48
actionadmin_initlite\admin\modules\cookies\class-cookies.php:34
actioncky_after_update_cookielite\admin\modules\cookies\class-cookies.php:35
actioncky_after_update_cookie_categorylite\admin\modules\cookies\class-cookies.php:36
actioncky_after_update_cookie_categorylite\admin\modules\cookies\class-cookies.php:37
actionadmin_initlite\admin\modules\cookies\class-cookies.php:38
actionadmin_initlite\admin\modules\cookies\class-cookies.php:39
actionadmin_initlite\admin\modules\cookies\class-cookies.php:40
filtercky_registered_admin_menuslite\admin\modules\cookies\class-cookies.php:41
actioncky_reinstall_tableslite\admin\modules\cookies\class-cookies.php:42
actioncky_reinstall_tableslite\admin\modules\cookies\class-cookies.php:43
actionrest_api_initlite\admin\modules\dashboard\api\class-api.php:48
actionadmin_enqueue_scriptslite\admin\modules\dashboard-widget\class-dashboard-widget.php:62
actionwp_dashboard_setuplite\admin\modules\dashboard-widget\class-dashboard-widget.php:90
actionrest_api_initlite\admin\modules\gcm\api\class-api.php:38
filtercky_admin_scripts_gcm_configlite\admin\modules\gcm\class-gcm.php:23
actionrest_api_initlite\admin\modules\languages\api\class-api.php:49
filtercky_admin_scripts_languageslite\admin\modules\languages\class-languages.php:32
filtercky_registered_admin_menuslite\admin\modules\languages\class-languages.php:33
actionrest_api_initlite\admin\modules\pageviews\api\class-api.php:49
filtercky_registered_admin_menuslite\admin\modules\policies\class-policies.php:29
actionadmin_noticeslite\admin\modules\review-feedback\class-review-feedback.php:52
actionadmin_print_footer_scriptslite\admin\modules\review-feedback\class-review-feedback.php:53
filteradmin_footer_textlite\admin\modules\review-feedback\class-review-feedback.php:54
actionrest_api_initlite\admin\modules\scanner\api\class-api.php:55
filtercky_admin_scripts_scanner_configlite\admin\modules\scanner\class-scanner.php:30
actionrest_api_initlite\admin\modules\settings\api\class-api.php:50
filtercky_admin_scripts_configlite\admin\modules\settings\class-settings.php:31
actioncky_after_connectlite\admin\modules\settings\class-settings.php:32
actionadmin_footerlite\admin\modules\uninstall-feedback\class-uninstall-feedback.php:66
actionrest_api_initlite\admin\modules\uninstall-feedback\class-uninstall-feedback.php:68
actionadmin_initlite\admin\modules\upgrade\class-upgrade.php:51
actionadmin_initlite\admin\modules\upgrade\class-upgrade.php:52
actionadmin_initlite\admin\modules\upgrade\class-upgrade.php:53
filtercky_admin_scripts_globallite\admin\modules\upgrade\class-upgrade.php:522
actioninitlite\frontend\class-frontend.php:116
actionwp_footerlite\frontend\class-frontend.php:117
actionwp_enqueue_scriptslite\frontend\class-frontend.php:118
actionwp_headlite\frontend\class-frontend.php:119
actionwp_headlite\frontend\class-frontend.php:120
actioninitlite\includes\class-activator.php:73
actioninitlite\includes\class-cli.php:141
actionadmin_enqueue_scriptslite\includes\class-cli.php:154
actionadmin_enqueue_scriptslite\includes\class-cli.php:155
filterrequest_filesystem_credentialslite\includes\class-filesystem.php:52
filterget_termlite\includes\class-i18n-helpers.php:165
Maintenance & Trust

CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice) Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedJan 29, 2026
PHP min version5.6
Downloads45.2M

Community Trust

Rating96/100
Number of ratings3,194
Active installs1.0M
Alternatives

CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice) Alternatives

Cookiebot by Usercentrics – Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode

Cookiebot by Usercentrics – Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode

cookiebot

B
72

Install your cookie banner in minutes. Automatically scan and block cookies to comply with the GDPR, CCPA, Google Consent Mode v2. Free plan option.

100K 1 unpatched
Cookie Banner for GDPR / CCPA – WPLP Cookie Consent

Cookie Banner for GDPR / CCPA – WPLP Cookie Consent

gdpr-cookie-consent

A
89

WPLP Cookie Consent helps WordPress website owners display cookie consent banners, manage user preferences, and control third-party scripts in line wi &hellip;

10K 10 CVEs
Lightweight Cookie Notice – Cookie Banner for Cookie Consent

Lightweight Cookie Notice – Cookie Banner for Cookie Consent

lightweight-cookie-notice-free

A
100

This is the free version of Lightweight Cookie Notice, the lightweight and customizable cookie plugin for WordPress.

5K No CVEs
CookieFirst | GDPR Cookie Consent Banner

CookieFirst | GDPR Cookie Consent Banner

cookiefirst-gdpr-cookie-consent-banner

A
100

This plugin integrates the CookfieFirst cookie consent manager to your WordPress website.

300 No CVEs
Simple Consent Mode

Simple Consent Mode

simple-consent-mode

A
100

Simple Consent Mode helps integrate GTM Consent Mode v2 on your website.

200 No CVEs
Developer Profile

CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice) Developer Profile

CookieYes

2 plugins · 1.0M total installs

79
trust score
Avg Security Score
100/100
Avg Patch Time
725 days
View full developer profile
Detection Fingerprints

How We Detect CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice)

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cookie-law-info/lite/assets/css/cookie-law-info-block.css/wp-content/plugins/cookie-law-info/lite/assets/css/cookie-law-info-style.css/wp-content/plugins/cookie-law-info/lite/assets/css/cookie-law-info-gutenberg.css/wp-content/plugins/cookie-law-info/lite/assets/js/cookie-law-info-block.js/wp-content/plugins/cookie-law-info/lite/assets/js/cookie-law-info-gutenberg.js/wp-content/plugins/cookie-law-info/lite/assets/js/cookie-law-info-frontend.js/wp-content/plugins/cookie-law-info/lite/assets/js/cookie-law-info-admin.js/wp-content/plugins/cookie-law-info/lite/assets/js/cookie-law-info-legacy-compat.js+2 more
Generator Patterns
CookieYes | GDPR Cookie Consent
Script Paths
/wp-content/plugins/cookie-law-info/lite/assets/js/cookie-law-info-frontend.js
Version Parameters
cookie-law-info/cookie-law-info.php?ver=cookie-law-info/lite/assets/css/cookie-law-info-block.css?ver=cookie-law-info/lite/assets/css/cookie-law-info-style.css?ver=cookie-law-info/lite/assets/css/cookie-law-info-gutenberg.css?ver=cookie-law-info/lite/assets/js/cookie-law-info-block.js?ver=cookie-law-info/lite/assets/js/cookie-law-info-gutenberg.js?ver=cookie-law-info/lite/assets/js/cookie-law-info-frontend.js?ver=cookie-law-info/lite/assets/js/cookie-law-info-admin.js?ver=cookie-law-info/lite/assets/js/cookie-law-info-legacy-compat.js?ver=cookie-law-info/lite/assets/js/cookie-law-info-scan-compat.js?ver=cookie-law-info/lite/assets/js/cookie-law-info-admin-settings.js?ver=

HTML / DOM Fingerprints

CSS Classes
cky-modalcky-dialogcky-consent-bannercky-btncky-dialog-innercky-closecky-policy-link
HTML Comments
CookieYesGDPR Cookie ConsentPowered by CookieYes
Data Attributes
data-cky-tag="settings-button"data-cky-tag="accept-button"data-cky-tag="reject-button"data-cky-tag="detailed-settings-button"data-cky-tag="policy-link"data-cky-tag="cookies-required"+3 more
JS Globals
CookieLawInfo
FAQ

Frequently Asked Questions about CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice)