CookieFox – Cookie Notice Security & Risk Analysis

wordpress.org/plugins/cookiefox

CookieFox is a performant and accessible cookie notice and consent solution for WordPress.

400 active installs · v2.0.11 · PHP 7.3+ · WP 5.0+ · Updated Jun 21, 2025
Tags: cookie, cookie-banner, cookie-consent, cookie-notice, privacy
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is CookieFox – Cookie Notice Safe to Use in 2026?

Generally Safe

Score 100/100

CookieFox – Cookie Notice has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 9mo ago
Risk Assessment

The cookiefox plugin version 2.0.11 exhibits a generally good security posture due to the absence of known vulnerabilities, dangerous functions, file operations, and external HTTP requests. The code also demonstrates strong practices by utilizing prepared statements for all SQL queries and a good rate of output escaping (75%). The presence of a nonce check is also a positive indicator.

However, there is a notable concern regarding the REST API. One of the REST API routes lacks permission callbacks, creating a potential entry point that is not adequately protected and could be exploited by unauthenticated users. While taint analysis shows no issues, this unprotected REST API route represents the most significant risk identified in the static analysis.

The lack of any recorded vulnerability history is a positive sign, suggesting a history of responsible development and maintenance. Overall, the plugin is well-built with good security habits, but the unprotected REST API endpoint requires immediate attention to mitigate potential risks.

Key Concerns

  • REST API route without permission callbacks
  • Low percentage of properly escaped output
Vulnerabilities
None known

CookieFox – Cookie Notice Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CookieFox – Cookie Notice Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 8 (24 escaped)
Nonce Checks: 1
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

Output Escaping

75% escaped · 32 total outputs
Attack Surface
1 unprotected

CookieFox – Cookie Notice Attack Surface

Entry Points: 2
Unprotected: 1

REST API Routes 1

GET /wp-json/cookiefox/v1/cookies includes\class-rest_api.php:18

Shortcodes 1

[cookiefox_show_notice] includes\class-shortcode.php:18
WordPress Hooks 42
action admin_enqueue_scripts includes\class-cmb2.php:14
action admin_head includes\class-cmb2.php:15
filter cmb2_wrap_classes includes\class-cmb2.php:16
action init includes\class-embeds.php:14
filter embed_oembed_html includes\class-embeds.php:30
filter video_embed_html includes\class-embeds.php:31
filter cookiefox_consent includes\class-embeds.php:32
action wp includes\class-frontend.php:14
filter cookiefox_prepare_scripts includes\class-frontend.php:15
action wp_enqueue_scripts includes\class-frontend.php:24
action wp_footer includes\class-frontend.php:25
action wp_head includes\class-frontend.php:26
action wp_head includes\class-frontend.php:37
action init includes\class-internationalization.php:14
filter cookiefox_settings_field_desc includes\class-internationalization.php:15
filter cookiefox_settings_title_desc includes\class-internationalization.php:16
action cookiefox_internationalization_init includes\class-internationalization.php:17
action init includes\class-main.php:27
action init includes\class-post_type.php:20
action cmb2_admin_init includes\class-post_type.php:21
filter use_block_editor_for_post_type includes\class-post_type.php:22
action admin_init includes\class-post_type.php:23
action pre_get_posts includes\class-post_type.php:24
filter default_hidden_meta_boxes includes\class-post_type.php:25
action admin_head includes\class-post_type.php:26
filter manage_cookiefox_cookie_posts_columns includes\class-post_type.php:27
filter manage_cookiefox_cookie_posts_custom_column includes\class-post_type.php:28
filter manage_edit-cookiefox_cookie_sortable_columns includes\class-post_type.php:29
filter parent_file includes\class-post_type.php:30
filter submenu_file includes\class-post_type.php:31
action all_admin_notices includes\class-post_type.php:32
filter terms_clauses includes\class-post_type.php:327
action rest_api_init includes\class-rest_api.php:14
action admin_init includes\class-sample_content.php:17
action admin_notices includes\class-sample_content.php:18
action cmb2_admin_init includes\class-settings.php:14
action init includes\class-shortcode.php:14
action cmb2_render_button includes\cmb2\class-cmb2-button.php:14
action cmb2_sanitize_button includes\cmb2\class-cmb2-button.php:15
action cmb2_render_toggle includes\cmb2\class-cmb2-toggle.php:14
action cmb2_sanitize_toggle includes\cmb2\class-cmb2-toggle.php:15
action admin_head includes\cmb2\class-cmb2-toggle.php:16
Maintenance & Trust

CookieFox – Cookie Notice Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Jun 21, 2025
PHP min version: 7.3
Downloads: 10K

Community Trust

Rating: 100/100
Number of ratings: 7
Active installs: 400
Developer Profile

CookieFox – Cookie Notice Developer Profile

Fabian Pimminger

1 plugin · 400 total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect CookieFox – Cookie Notice

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/cookiefox/assets/frontend/css/main.css
/wp-content/plugins/cookiefox/assets/frontend/js/main.js
/wp-content/plugins/cookiefox/assets/frontend/js/legacy.js

HTML / DOM Fingerprints

CSS Classes
cookiefox-mb
Data Attributes
data-nosnippet
JS Globals
cookiefox