WP-Safety

Cookie Notice & Consent Banner for GDPR & CCPA Compliance Security & Risk Analysis

wordpress.org/plugins/cookie-notice-and-consent-banner

Install a Cookie Notice or Consent Banner as Required by Privacy Laws (GDPR & CCPA).

6K active installs v1.7.14 PHP + WP 5.0+ Updated Oct 29, 2025
ccpacompliancecookiecookie-consentgdpr
98
A · Safe
CVEs total2
Unpatched0
Last CVESep 3, 2025
Download
Safety Verdict

Is Cookie Notice & Consent Banner for GDPR & CCPA Compliance Safe to Use in 2026?

Generally Safe

Score 98/100

Cookie Notice & Consent Banner for GDPR & CCPA Compliance has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEsLast CVE: Sep 3, 2025Updated 5mo ago
Risk Assessment

The plugin 'cookie-notice-and-consent-banner' v1.7.14 exhibits a mixed security posture. While it demonstrates good practices such as using prepared statements for all SQL queries and a high percentage of properly escaped output, there are significant concerns regarding its attack surface and vulnerability history. The presence of two AJAX handlers without authentication checks represents a direct pathway for potential unauthorized actions or information leakage. The taint analysis, though indicating no critical or high severity flows, did identify one flow with an unsanitized path, which could be a precursor to vulnerabilities if not properly handled. The plugin's vulnerability history, with two known medium severity CVEs, both related to Cross-site Scripting, suggests a recurring pattern of input sanitization weaknesses. Although there are currently no unpatched vulnerabilities, this history warrants vigilance. Overall, the plugin has strengths in its data handling and output escaping but requires attention to its access control mechanisms and a consistent effort to address past vulnerability types.

Key Concerns

  • Unprotected AJAX handlers
  • Unsanitized path in taint flow
  • Medium severity CVEs in history
Vulnerabilities
2

Cookie Notice & Consent Banner for GDPR & CCPA Compliance Security Vulnerabilities

CVEs by Year

1 CVE in 2021
2021
1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
2

2 total CVEs

CVE-2025-58607medium · 6.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cookie Notice &amp; Consent Banner for GDPR &amp; CCPA Compliance <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 3, 2025 Patched in 1.7.12 (7d)
CVE-2021-24590medium · 5.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cookie Notice & Consent Banner for GDPR & CCPA Compliance <= 1.7.1 - Authenticated Stored Cross-Site Scripting

Aug 6, 2021 Patched in 1.7.2 (900d)
Code Analysis
Analyzed Mar 16, 2026

Cookie Notice & Consent Banner for GDPR & CCPA Compliance Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
9
132 escaped
Nonce Checks
1
Capability Checks
1
File Operations
0
External Requests
2
Bundled Libraries
0

Output Escaping

94% escaped141 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

4 flows1 with unsanitized paths
ajax_cncb_feature_feedback (includes\admin\class-cncb-admin.php:372)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
2 unprotected

Cookie Notice & Consent Banner for GDPR & CCPA Compliance Attack Surface

Entry Points4
Unprotected2

AJAX Handlers 3

authwp_ajax_cncb_feature_feedbackincludes\admin\class-cncb-admin.php:67
authwp_ajax_cncb_disable_noticeincludes\admin\class-cncb-admin.php:68
authwp_ajax_cncb_deactivate_feedbackincludes\admin\class-cncb-deactivate-popup.php:57

Shortcodes 1

[revoke_consent] class-cncb-main.php:131
WordPress Hooks 18
actionplugins_loadedclass-cncb-main.php:126
actionwp_enqueue_scriptsclass-cncb-main.php:127
actionwp_headclass-cncb-main.php:128
actionwp_footerclass-cncb-main.php:129
actionwp_footerclass-cncb-main.php:130
actionplugins_loadedclass-cncb-main.php:290
actionplugins_loadedincludes\admin\class-cncb-admin.php:63
actionadmin_menuincludes\admin\class-cncb-admin.php:64
actionadmin_enqueue_scriptsincludes\admin\class-cncb-admin.php:65
filterplugin_action_links_cookie-notice-and-consent-banner/class-cncb-main.phpincludes\admin\class-cncb-admin.php:66
actionadmin_noticesincludes\admin\class-cncb-admin.php:69
actioncurrent_screenincludes\admin\class-cncb-deactivate-popup.php:48
actionadmin_enqueue_scriptsincludes\admin\class-cncb-deactivate-popup.php:53
actionadmin_footerincludes\admin\class-cncb-deactivate-popup.php:68
actioncustomize_registerincludes\customizer\class-cncb-customizer.php:31
actioncustomize_preview_initincludes\customizer\class-cncb-customizer.php:33
actioncustomize_registerincludes\customizer\custom-controls.php:10
actioncustomize_registerincludes\customizer\custom-controls.php:11
Maintenance & Trust

Cookie Notice & Consent Banner for GDPR & CCPA Compliance Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedOct 29, 2025
PHP min version
Downloads67K

Community Trust

Rating84/100
Number of ratings15
Active installs6K
Alternatives

Cookie Notice & Consent Banner for GDPR & CCPA Compliance Alternatives

CookieTrust

CookieTrust

cookietrust

A
100

Cookie consent management powered by CookieTrust.io - GDPR & CCPA compliant cookie banner for WordPress.

0 No CVEs
Geo Targetly Geo Consent

Geo Targetly Geo Consent

geo-consent

A
100

Display cookie consent banners only where needed, by country. Stay compliant with global privacy laws like GDPR, CCPA, LGPD & more.

0 No CVEs
GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law

GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law

gdpr-cookie-compliance

A
97

Cookie notice banner for GDPR, CCPA, EU cookie law, data protection and privacy regulations and other cookie law and consent notice requirements on yo &hellip;

300K 9 CVEs
Termly – GDPR/CCPA Cookie Consent Banner

Termly – GDPR/CCPA Cookie Consent Banner

uk-cookie-consent

A
99

Our easy to use cookie consent plugin can assist in your GDPR, CCPA, and ePrivacy Directive compliance efforts.

90K 2 CVEs
Termageddon: Cookie Consent & Privacy Compliance

Termageddon: Cookie Consent & Privacy Compliance

termageddon-usercentrics

A
99

The most comprehensive cookie consent solution for WordPress. Automatically show consent banners based on visitor location with smart geolocation targ &hellip;

6K 1 CVE
Developer Profile

Cookie Notice & Consent Banner for GDPR & CCPA Compliance Developer Profile

GDPR Info

1 plugin · 6K total installs

78
trust score
Avg Security Score
98/100
Avg Patch Time
454 days
View full developer profile
Detection Fingerprints

How We Detect Cookie Notice & Consent Banner for GDPR & CCPA Compliance

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cookie-notice-and-consent-banner/css/cookiebanner.css/wp-content/plugins/cookie-notice-and-consent-banner/js/cookiebanner.js/wp-content/plugins/cookie-notice-and-consent-banner/js/cookiebanner-init.js
Script Paths
/wp-content/plugins/cookie-notice-and-consent-banner/js/cookiebanner.js/wp-content/plugins/cookie-notice-and-consent-banner/js/cookiebanner-init.js
Version Parameters
cookie-notice-and-consent-banner/js/cookiebanner.js?ver=cookie-notice-and-consent-banner/js/cookiebanner-init.js?ver=

HTML / DOM Fingerprints

CSS Classes
cncb-js-restorecncb-banner
Data Attributes
data-cncb-options
JS Globals
cncb_plugin_object
Shortcode Output
<a href="#" class="cncb-js-restore">
FAQ

Frequently Asked Questions about Cookie Notice & Consent Banner for GDPR & CCPA Compliance