Cookie Notice & Compliance for GDPR / CCPA Security & Risk Analysis

wordpress.org/plugins/cookie-notice

Cookie Notice allows you to elegantly inform users that your site uses cookies and helps you comply with GDPR, CCPA and other data privacy laws.

900K active installs · v2.5.14 · PHP 7.4+ · WP 4.9.6+ · Updated Mar 4, 2026
Tags: ccpa, consent, cookies, gdpr, privacy
Score: 95 · A · Safe
CVEs total: 6
Unpatched: 0
Last CVE: Nov 21, 2025
Safety Verdict

Is Cookie Notice & Compliance for GDPR / CCPA Safe to Use in 2026?

Generally Safe

Score 95/100

Cookie Notice & Compliance for GDPR / CCPA has a strong security track record. Known vulnerabilities have been patched promptly.

6 known CVEs · Last CVE: Nov 21, 2025 · Updated 1mo ago
Risk Assessment

The "cookie-notice" plugin v2.5.14 exhibits a generally good security posture based on the provided static analysis. There are no identified critical or high severity taint flows, and a significant percentage of outputs are properly escaped. The plugin also demonstrates a strong adherence to security best practices with a substantial number of nonce and capability checks, and no file operations or dangerous functions identified. The absence of unprotected entry points is a significant strength.

However, the vulnerability history raises a concern. Six medium severity Cross-site Scripting (XSS) vulnerabilities have been recorded, even though none are currently unpatched. This pattern suggests a recurring tendency for improper input neutralization, which, while addressed, indicates a persistent area of weakness. The fact that the last vulnerability was in the future is highly unusual and likely a data anomaly, but the overall history of XSS is noteworthy. The SQL query usage, while not flagged as problematic here, has a 50% rate of not using prepared statements, which could be a risk in different contexts or versions.

In conclusion, while the current version appears robust with good security practices implemented, the past prevalence of medium-severity XSS vulnerabilities warrants careful monitoring and potential further scrutiny of input handling mechanisms to ensure past issues are truly eradicated.

Key Concerns

  • Medium severity XSS vulnerabilities historically
  • 50% of SQL queries not using prepared statements
Vulnerabilities: 6

Cookie Notice & Compliance for GDPR / CCPA Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2023: 2 CVEs
  • 2024: 1 CVE
  • 2025: 2 CVEs

Severity Breakdown

Medium: 6

6 total CVEs

CVE-2025-11186 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cookie Notice & Compliance for GDPR / CCPA <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Nov 21, 2025 · Patched in 2.5.9 (1d)

CVE-2025-67554 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cookie Notice & Compliance for GDPR / CCPA <= 2.5.8 - Authenticated (Author+) Stored Cross-Site Scripting

Oct 21, 2025 · Patched in 2.5.9 (51d)

CVE-2022-3399 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cookie Notice & Compliance for GDPR / CCPA <= 2.4.17.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Aug 15, 2024 · Patched in 2.4.18 (100d)

CVE-2023-0823 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cookies_revoke_shortcode' Shortcode

Mar 6, 2023 · Patched in 2.4.7 (323d)

CVE-2023-24400 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cookie Notice & Compliance for GDPR / CCPA <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cookies_policy_link' Shortcodes

Mar 2, 2023 · Patched in 2.4.7 (327d)

CVE-2021-24569 · medium · 4.8 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cookie Notice & Compliance for GDPR / CCPA <= 2.1.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Aug 30, 2021 · Patched in 2.1.2 (876d)

Code Analysis
Analyzed Mar 17, 2026

Cookie Notice & Compliance for GDPR / CCPA Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 raw · 2 prepared
Output: 94 unescaped · 335 escaped
Nonce Checks: 18
Capability Checks: 21
File Operations: 0
External Requests: 2
Bundled Libraries: 0

SQL Query Safety

50% prepared · 4 total queries

Output Escaping

78% escaped · 429 total outputs

Data Flows: All sanitized

Data Flow Analysis

6 flows
set_form_status (includes\privacy-consent.php:530)
Attack Surface

Cookie Notice & Compliance for GDPR / CCPA Attack Surface

Entry Points: 15
Unprotected: 0

AJAX Handlers 12

auth · wp_ajax_cn_dismiss_notice · cookie-notice.php:271
auth · wp_ajax_cn_review_notice · cookie-notice.php:272
auth · wp_ajax_cn-deactivate-plugin · cookie-notice.php:273
auth · wp_ajax_cn_get_cookie_consent_logs · includes\consent-logs.php:20
auth · wp_ajax_cn_get_privacy_consent_logs · includes\privacy-consent-logs.php:20
auth · wp_ajax_cn_privacy_consent_form_status · includes\privacy-consent.php:177
auth · wp_ajax_cn_privacy_consent_get_forms · includes\privacy-consent.php:178
auth · wp_ajax_cn_privacy_consent_display_table · includes\privacy-consent.php:179
auth · wp_ajax_cn_purge_cache · includes\settings.php:51
auth · wp_ajax_cn-get-group-rules-values · includes\settings.php:52
auth · wp_ajax_cn_api_request · includes\welcome-api.php:24
auth · wp_ajax_cn_welcome_screen · includes\welcome.php:26

Shortcodes 3

[cookies_accepted] cookie-notice.php:1056
[cookies_revoke] cookie-notice.php:1057
[cookies_policy_link] cookie-notice.php:1058
WordPress Hooks 137
action · init · cookie-notice.php:181
action · plugins_loaded · cookie-notice.php:263
action · plugins_loaded · cookie-notice.php:264
action · init · cookie-notice.php:265
action · init · cookie-notice.php:266
action · init · cookie-notice.php:267
action · admin_init · cookie-notice.php:268
action · admin_enqueue_scripts · cookie-notice.php:269
action · admin_footer · cookie-notice.php:270
action · admin_notices · cookie-notice.php:909
action · network_admin_notices · cookie-notice.php:910
filter · plugin_action_links · cookie-notice.php:1285
filter · network_admin_plugin_action_links · cookie-notice.php:1286
action · after_setup_theme · includes\bot-detect.php:68
action · wp_dashboard_setup · includes\dashboard.php:21
action · wp_network_dashboard_setup · includes\dashboard.php:22
action · admin_enqueue_scripts · includes\dashboard.php:23
filter · site_status_tests · includes\dashboard.php:26
action · init · includes\frontend.php:22
action · wp · includes\frontend.php:23
action · wp_head · includes\frontend.php:24
action · wp_print_footer_scripts · includes\frontend.php:25
action · wp_head · includes\frontend.php:28
action · wp_head · includes\frontend.php:29
action · login_head · includes\frontend.php:30
action · wp_footer · includes\frontend.php:33
action · login_footer · includes\frontend.php:34
action · wp_enqueue_scripts · includes\frontend.php:35
action · login_enqueue_scripts · includes\frontend.php:36
filter · body_class · includes\frontend.php:39
filter · cn_is_bot · includes\frontend.php:40
filter · safe_style_css · includes\frontend.php:546
action · init · includes\modules\amp\amp.php:25
action · wp_head · includes\modules\amp\amp.php:26
action · plugins_loaded · includes\modules\autoptimize\autoptimize.php:22
filter · autoptimize_filter_js_exclude · includes\modules\autoptimize\autoptimize.php:31
action · plugins_loaded · includes\modules\breeze\breeze.php:22
action · cn_configuration_updated · includes\modules\breeze\breeze.php:46
filter · cn_cookie_compliance_output · includes\modules\breeze\breeze.php:51
action · wp_enqueue_scripts · includes\modules\contact-form-7\contact-form-7.php:26
action · admin_init · includes\modules\contact-form-7\privacy-consent.php:42
filter · do_shortcode_tag · includes\modules\contact-form-7\privacy-consent.php:49
filter · cn_is_preview_mode · includes\modules\divi\divi.php:21
action · admin_init · includes\modules\easy-digital-downloads\privacy-consent.php:95
action · edd_register_form_fields_after · includes\modules\easy-digital-downloads\privacy-consent.php:102
filter · render_block · includes\modules\easy-digital-downloads\privacy-consent.php:103
filter · edd_errors · includes\modules\easy-digital-downloads\privacy-consent.php:104
action · edd_checkout_form_bottom · includes\modules\easy-digital-downloads\privacy-consent.php:107
filter · render_block · includes\modules\easy-digital-downloads\privacy-consent.php:108
action · edd_built_order · includes\modules\easy-digital-downloads\privacy-consent.php:109
filter · cn_is_preview_mode · includes\modules\elementor\elementor.php:21
action · admin_init · includes\modules\formidable-forms\privacy-consent.php:42
filter · do_shortcode_tag · includes\modules\formidable-forms\privacy-consent.php:49
filter · frm_validate_entry · includes\modules\formidable-forms\privacy-consent.php:50
action · init · includes\modules\hummingbird\hummingbird.php:24
action · cn_configuration_updated · includes\modules\hummingbird\hummingbird.php:45
action · init · includes\modules\litespeed-cache\litespeed-cache.php:22
filter · litespeed_optimize_js_excludes · includes\modules\litespeed-cache\litespeed-cache.php:31
filter · litespeed_optm_js_defer_exc · includes\modules\litespeed-cache\litespeed-cache.php:32
action · admin_init · includes\modules\mailchimp\privacy-consent.php:42
filter · mc4wp_form_after_fields · includes\modules\mailchimp\privacy-consent.php:49
action · mc4wp_form_success · includes\modules\mailchimp\privacy-consent.php:50
action · plugins_loaded · includes\modules\speed-optimizer\speed-optimizer.php:24
action · cn_configuration_updated · includes\modules\speed-optimizer\speed-optimizer.php:50
filter · sgo_js_minify_exclude · includes\modules\speed-optimizer\speed-optimizer.php:53
filter · sgo_javascript_combine_exclude · includes\modules\speed-optimizer\speed-optimizer.php:54
filter · sgo_javascript_combine_excluded_external_paths · includes\modules\speed-optimizer\speed-optimizer.php:55
filter · sgo_javascript_combine_excluded_inline_content · includes\modules\speed-optimizer\speed-optimizer.php:56
action · plugins_loaded · includes\modules\speedycache\speedycache.php:22
action · cn_configuration_updated · includes\modules\speedycache\speedycache.php:48
action · admin_init · includes\modules\woocommerce\privacy-consent.php:97
action · woocommerce_register_form · includes\modules\woocommerce\privacy-consent.php:104
action · wp_loaded · includes\modules\woocommerce\privacy-consent.php:105
filter · woocommerce_process_registration_errors · includes\modules\woocommerce\privacy-consent.php:106
filter · woocommerce_registration_auth_new_customer · includes\modules\woocommerce\privacy-consent.php:107
action · woocommerce_new_order · includes\modules\woocommerce\privacy-consent.php:110
action · woocommerce_checkout_after_order_review · includes\modules\woocommerce\privacy-consent.php:111
filter · render_block · includes\modules\woocommerce\privacy-consent.php:112
action · admin_init · includes\modules\wordpress\privacy-consent.php:93
action · comment_form · includes\modules\wordpress\privacy-consent.php:100
action · comment_post · includes\modules\wordpress\privacy-consent.php:101
action · init · includes\modules\wordpress\privacy-consent.php:102
action · shutdown · includes\modules\wordpress\privacy-consent.php:103
action · register_form · includes\modules\wordpress\privacy-consent.php:106
filter · registration_errors · includes\modules\wordpress\privacy-consent.php:107
action · plugins_loaded · includes\modules\wp-fastest-cache\wp-fastest-cache.php:22
action · cn_configuration_updated · includes\modules\wp-fastest-cache\wp-fastest-cache.php:38
filter · wpo_purge_cache_hooks · includes\modules\wp-optimize\wp-optimize.php:37
action · plugins_loaded · includes\modules\wp-rocket\wp-rocket.php:22
action · cn_configuration_updated · includes\modules\wp-rocket\wp-rocket.php:36
filter · rocket_exclude_defer_js · includes\modules\wp-rocket\wp-rocket.php:39
filter · rocket_exclude_js · includes\modules\wp-rocket\wp-rocket.php:40
filter · rocket_delay_js_exclusions · includes\modules\wp-rocket\wp-rocket.php:41
filter · rocket_delay_js_exclusions · includes\modules\wp-rocket\wp-rocket.php:42
filter · rocket_defer_inline_exclusions · includes\modules\wp-rocket\wp-rocket.php:43
filter · rocket_excluded_inline_js_content · includes\modules\wp-rocket\wp-rocket.php:44
action · init · includes\modules\wp-super-cache\wp-super-cache.php:22
action · admin_init · includes\modules\wp-super-cache\wp-super-cache.php:23
action · deactivated_cookie-notice/cookie-notice.php · includes\modules\wp-super-cache\wp-super-cache.php:24
action · cn_configuration_updated · includes\modules\wp-super-cache\wp-super-cache.php:40
action · admin_init · includes\modules\wpforms\privacy-consent.php:42
action · wpforms_frontend_output · includes\modules\wpforms\privacy-consent.php:49
action · plugins_loaded · includes\privacy-consent.php:24
action · init · includes\privacy-consent.php:25
action · init · includes\privacy-consent.php:26
action · admin_init · includes\privacy-consent.php:27
action · admin_menu · includes\settings.php:42
action · network_admin_menu · includes\settings.php:43
action · after_setup_theme · includes\settings.php:44
action · plugins_loaded · includes\settings.php:45
action · admin_init · includes\settings.php:46
action · admin_init · includes\settings.php:47
action · admin_init · includes\settings.php:48
action · admin_enqueue_scripts · includes\settings.php:49
action · admin_print_styles · includes\settings.php:50
action · admin_notices · includes\settings.php:53
action · network_admin_notices · includes\settings.php:54
filter · submenu_file · includes\settings.php:343
filter · safe_style_css · includes\settings.php:1183
filter · safe_style_css · includes\settings.php:1991
filter · safe_style_css · includes\settings.php:2022
action · init · includes\welcome-api.php:21
action · cookie_notice_get_app_analytics · includes\welcome-api.php:22
action · cookie_notice_get_app_config · includes\welcome-api.php:23
action · after_setup_theme · includes\welcome-frontend.php:21
filter · show_admin_bar · includes\welcome-frontend.php:35
filter · cn_cookie_notice_output · includes\welcome-frontend.php:36
action · wp_enqueue_scripts · includes\welcome-frontend.php:39
action · wp_enqueue_scripts · includes\welcome-frontend.php:43
action · wp_head · includes\welcome-frontend.php:44
action · plugins_loaded · includes\welcome.php:23
action · admin_init · includes\welcome.php:24
action · admin_init · includes\welcome.php:25
filter · kses_allowed_protocols · includes\welcome.php:44
action · admin_enqueue_scripts · includes\welcome.php:185
action · admin_footer · includes\welcome.php:186
filter · safe_style_css · includes\welcome.php:827

Scheduled Events 2

cookie_notice_get_app_analytics
cookie_notice_get_app_config
Maintenance & Trust

Cookie Notice & Compliance for GDPR / CCPA Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 4, 2026
PHP min version: 7.4
Downloads: 36.2M

Community Trust

Rating: 96/100
Number of ratings: 3,020
Active installs: 900K
Developer Profile

Cookie Notice & Compliance for GDPR / CCPA Developer Profile

Humanityco

1 plugin · 900K total installs

Trust score: 76
Avg Security Score: 95/100
Avg Patch Time: 280 days
Detection Fingerprints

How We Detect Cookie Notice & Compliance for GDPR / CCPA

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cookie-notice/js/cookie-notice-frontend.js
/wp-content/plugins/cookie-notice/css/cookie-notice-frontend.css
/wp-content/plugins/cookie-notice/js/cookie-notice-frontend-legacy.js
/wp-content/plugins/cookie-notice/js/cookie-notice-admin.js
/wp-content/plugins/cookie-notice/css/cookie-notice-admin.css
Script Paths
//cdn.hu-manity.co/hu-banner.min.js
Version Parameters
cookie-notice/css/cookie-notice-frontend.css?ver=
cookie-notice/js/cookie-notice-frontend.js?ver=
cookie-notice/js/cookie-notice-frontend-legacy.js?ver=
cookie-notice/js/cookie-notice-admin.js?ver=
cookie-notice/css/cookie-notice-admin.css?ver=

HTML / DOM Fingerprints

CSS Classes
cn-wrapper
cookie-notice-container
cookie-notice-close
cookie-notice-accept
cookie-notice-refuse
cookie-notice-more-info
cookie-notice-bar
cookie-notice-message
Data Attributes
data-cli-id
data-cli-transition-speed
data-cli-delay-options
JS Globals
cnArgs
FAQ

Frequently Asked Questions about Cookie Notice & Compliance for GDPR / CCPA