WP-Safety

CookieCode Security & Risk Analysis

wordpress.org/plugins/cookiecode

CookieCode enables your website to automatically comply with GDPR and e-privacy rules

400 active installs v2.4.4 PHP 5.6+ WP 4.4+ Updated Mar 5, 2025
avgconsentcookieeugdpr
70
B · Generally Safe
CVEs total1
Unpatched1
Last CVEMay 7, 2025
Plugin page Download
Safety Verdict

Is CookieCode Safe to Use in 2026?

Mostly Safe

Score 70/100

CookieCode is generally safe to use though it hasn't been updated recently. 1 past CVE were resolved. Keep it updated.

1 known CVE 1 unpatched Last CVE: May 7, 2025Updated 1yr ago
Risk Assessment

The cookiecode plugin version 2.4.4 presents a mixed security posture. On one hand, the static analysis indicates a lack of direct attack surface through AJAX, REST API, shortcodes, or cron events, which is a positive sign. The absence of dangerous functions, file operations, and external HTTP requests further contributes to a reduced threat landscape. Furthermore, all SQL queries are using prepared statements, indicating good database interaction practices.

However, a significant concern arises from the complete lack of output escaping. This means that any data rendered by the plugin could potentially be vulnerable to Cross-Site Scripting (XSS) attacks if not properly sanitized beforehand. While no specific taint flows or raw SQL were identified in the static analysis, the output escaping deficiency creates a critical entry point for attacks. The vulnerability history, with one unpatched medium severity CVE related to XSS, reinforces this concern. The existence of past XSS vulnerabilities, combined with the current lack of output escaping, suggests a recurring weakness that attackers could exploit.

In conclusion, while the plugin avoids common attack vectors and demonstrates good practices in database interaction and avoiding dangerous functions, the critical oversight in output escaping poses a substantial risk. The historical presence of XSS vulnerabilities further elevates this concern, making it imperative for users to address the lack of output escaping and for developers to patch the outstanding CVE.

Key Concerns

  • Unpatched medium severity CVE
  • 0% output escaping
  • No nonce checks detected
Vulnerabilities
1

CookieCode Security Vulnerabilities

CVEs by Year

1 CVE in 2025 · unpatched
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-47668medium · 4.4Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CookieCode <= 2.4.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 7, 2025Unpatched
Code Analysis
Analyzed Mar 16, 2026

CookieCode Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
3
0 escaped
Nonce Checks
0
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

0% escaped3 total outputs
Attack Surface

CookieCode Attack Surface

Entry Points0
Unprotected0
WordPress Hooks 17
actionadmin_menucookiecode.php:46
actionadmin_initcookiecode.php:49
actionwp_enqueue_scriptscookiecode.php:51
actionwp_headcookiecode.php:52
filterscript_loader_tagcookiecode.php:53
actionadmin_bar_menucookiecode.php:56
actionplugins_loadedcookiecode.php:58
actionplugins_loadedcookiecode.php:59
filterrocket_exclude_defer_jscookiecode.php:342
filterrocket_minify_excluded_external_jscookiecode.php:343
filtersgo_js_minify_excludecookiecode.php:348
filtersgo_js_async_excludecookiecode.php:349
filtersgo_javascript_combine_excludecookiecode.php:350
filtersgo_javascript_combine_excluded_external_pathscookiecode.php:351
filterwphb_minify_resourcecookiecode.php:356
filterwphb_combine_resourcecookiecode.php:357
filterwphb_minification_display_enqueued_filecookiecode.php:358
Maintenance & Trust

CookieCode Maintenance & Trust

Maintenance Signals

WordPress version tested6.7.5
Last updatedMar 5, 2025
PHP min version5.6
Downloads6K

Community Trust

Rating100/100
Number of ratings4
Active installs400
Alternatives

CookieCode Alternatives

Cookie Banner for GDPR / CCPA – WPLP Cookie Consent

Cookie Banner for GDPR / CCPA – WPLP Cookie Consent

gdpr-cookie-consent

A
89

WPLP Cookie Consent helps WordPress website owners display cookie consent banners, manage user preferences, and control third-party scripts in line wi &hellip;

10K 10 CVEs
EU Cookies Bar for WordPress

EU Cookies Bar for WordPress

eu-cookies-bar

A
100

Ensure GDPR (General Data Protection Regulation) compliance (EU Cookie Law) with our straightforward cookie bar

9K No CVEs
CCM19 Integration

CCM19 Integration

ccm19-integration

A
100

Integrates the CCM19 Cookie Consent Manager into WordPress. To use this plugin CCM19 needs to be bought or leased.

4K No CVEs
CookiePro | Simplify Compliance with GDPR & EU Cookie Laws

CookiePro | Simplify Compliance with GDPR & EU Cookie Laws

cookiepro

A
85

CookiePro is the most mature and trusted cookie consent tool that is purpose-built for compliance with GDPR, ePrivacy and IAB framework.

2K No CVEs
Klaro Consent Manager

Klaro Consent Manager

klaro-consent-manager

A
85

This lightweight plugin will help you make your website fully compatible with last EU GDPR policies.

200 No CVEs
Developer Profile

CookieCode Developer Profile

cookiecode

1 plugin · 400 total installs

73
trust score
Avg Security Score
70/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect CookieCode

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cookiecode/assets/css/cookiecode-admin.css/wp-content/plugins/cookiecode/assets/js/cookiecode-admin.js/wp-content/plugins/cookiecode/dist/cookiecode.js
Script Paths
https://cdn.cookiecode.nl/dist/latest.js
Version Parameters
cookiecode/dist/cookiecode.js?ver=

HTML / DOM Fingerprints

CSS Classes
cookiecode-settingspraivacy-settings
JS Globals
CookieCode
FAQ

Frequently Asked Questions about CookieCode