Cookie Warning Security & Risk Analysis

wordpress.org/plugins/cookie-warning

Asks users' consent for using cookies or redirects them out of your site.

800 active installs · v1.3 · PHP + WP 3.3.2+ · Updated Aug 9, 2013
Tags: cookie-warning, eu-cookie-law, terms-and-conditions, uk-cookie-law, user-privacy
Score: 42 · D · High Risk
CVEs total: 2
Unpatched: 2
Last CVE: Aug 18, 2025
Safety Verdict

Is Cookie Warning Safe to Use in 2026?

High Risk

Score 42/100

Cookie Warning carries significant security risk with 2 known CVEs, 2 still unpatched. Consider switching to a maintained alternative.

2 known CVEs · 2 unpatched · Last CVE: Aug 18, 2025 · Updated 12yr ago
Risk Assessment

The "cookie-warning" plugin v1.3 exhibits a mixed security posture. It demonstrates good practices in some areas, such as the absence of dangerous functions, 100% use of prepared statements for SQL queries, and no file operations or external HTTP requests, but there are significant concerns. The plugin's attack surface consists entirely of two AJAX handlers, both of which lack authentication checks. This gives unauthenticated users a direct pathway to interact with sensitive plugin functionality. The static analysis also reveals that only 53% of outputs are escaped, which, combined with the unprotected AJAX endpoints, strongly suggests a high risk of Cross-Site Scripting (XSS) vulnerabilities.

Furthermore, the plugin has a history of two known medium-severity vulnerabilities, specifically XSS and CSRF, both currently unpatched. The most recent vulnerability was discovered in August 2025, indicating a recurring pattern of security weaknesses. The lack of capability checks on the identified AJAX endpoints exacerbates these risks, as any user, even an unauthenticated one, could potentially exploit these entry points. The absence of taint analysis data could be misleading; however, the clear presence of unprotected entry points and poor output escaping are substantial indicators of risk.

Key Concerns

  • Unpatched CVEs (2 medium)
  • AJAX handlers without auth checks (2)
  • Output escaping below 80%
  • All entry points are unprotected
  • No nonce checks on AJAX handlers
Vulnerabilities
2

Cookie Warning Security Vulnerabilities

CVEs by Year

2 CVEs in 2025 · unpatched

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2025-49428 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cookie Warning <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Aug 18, 2025 · Unpatched

CVE-2025-49426 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Cookie Warning <= 1.3 - Cross-Site Request Forgery

Aug 18, 2025 · Unpatched
Code Analysis
Analyzed Mar 16, 2026

Cookie Warning Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 7 (8 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

53% escaped · 15 total outputs
Attack Surface
2 unprotected

Cookie Warning Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers (2)

auth · wp_ajax_php_clear_cookies · cookie-warning.php:36
nopriv · wp_ajax_php_clear_cookies · cookie-warning.php:37

WordPress Hooks (3)

action · admin_menu · cookie-warning-options.php:3
action · admin_init · cookie-warning-options.php:4
action · wp_enqueue_scripts · cookie-warning.php:33
Maintenance & Trust

Cookie Warning Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.6.1
Last updated: Aug 9, 2013
PHP min version
Downloads: 43K

Community Trust

Rating: 100/100
Number of ratings: 5
Active installs: 800
Developer Profile

Cookie Warning Developer Profile

Dourou

1 plugin · 800 total installs

Trust score: 53
Avg Security Score: 42/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Cookie Warning

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cookie-warning/cookiewarning.css
/wp-content/plugins/cookie-warning/cookiewarning.js
Script Paths
/wp-content/plugins/cookie-warning/cookiewarning.js

HTML / DOM Fingerprints

JS Globals
user_options