Cookies and Content Security Policy Security & Risk Analysis

wordpress.org/plugins/cookies-and-content-security-policy

Be fully GDPR and CCPA compliant through Content Security Policy. Blocks cookies and unwanted external content.

10K active installs · v2.37 · PHP 7.4+ · WP 5.0+ · Updated Feb 17, 2026
Tags: ccpa, content-security-policy, cookie-bar, cookies, gdpr
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Jan 5, 2026
Safety Verdict

Is Cookies and Content Security Policy Safe to Use in 2026?

Generally Safe

Score 98/100

Cookies and Content Security Policy has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jan 5, 2026 · Updated 1mo ago
Risk Assessment

The "cookies-and-content-security-policy" plugin v2.37 presents a mixed security posture. While it demonstrates some good practices, such as a low number of SQL queries and a high percentage of prepared statements, several concerning aspects warrant attention. The static analysis reveals a notable attack surface with one unprotected REST API route, increasing the risk of unauthorized access or manipulation. Furthermore, a significant portion of output (61%) is not properly escaped, posing a risk of cross-site scripting (XSS) vulnerabilities. The taint analysis highlights two high-severity flows with unsanitized paths, indicating potential for sensitive data exposure or unauthorized actions. The vulnerability history shows two past medium-severity CVEs related to exposure of sensitive information, which, while currently patched, suggests a recurring pattern of vulnerabilities in this area. The plugin's strengths lie in its minimal use of dangerous functions and file operations. However, the combination of an unprotected entry point, potential for XSS, and historical sensitive information exposure issues necessitates caution.

Key Concerns

  • REST API route without permission callbacks
  • High severity taint flows with unsanitized paths
  • Significant percentage of unescaped output
  • Past medium severity CVEs related to data exposure
Vulnerabilities: 2

Cookies and Content Security Policy Security Vulnerabilities

CVEs by Year

  • 2023: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

Medium: 2 (2 total CVEs)

CVE-2025-63019 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Cookies and Content Security Policy <= 2.34 - Unauthenticated Information Exposure

Jan 5, 2026 · Patched in 2.35 (15d)

CVE-2023-40662 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

Cookies and Content Security Policy <= 2.15 - Sensitive Information Exposure

Aug 18, 2023 · Patched in 2.16 (158d)
Code Analysis
Analyzed Mar 16, 2026

Cookies and Content Security Policy Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (4 prepared)
Unescaped Output: 191 (123 escaped)
Nonce Checks: 5
Capability Checks: 4
File Operations: 2
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

80% prepared · 5 total queries

Output Escaping

39% escaped · 314 total outputs

Data Flows: 4 unsanitized

Data Flow Analysis

6 flows · 4 with unsanitized paths
set_content_security_policy (inc\set-cacsp.php:5)
Attack Surface: 1 unprotected

Cookies and Content Security Policy Attack Surface

Entry Points: 3
Unprotected: 1

AJAX Handlers 2

  • auth · wp_ajax_cacsp_insert_consent_data · inc\functions.php:253
  • nopriv · wp_ajax_cacsp_insert_consent_data · inc\functions.php:254

REST API Routes 1

  • GET · /wp-json/cacsp/v1/texts/ · inc\set-cacsp.php:195

WordPress Hooks 21

  • action · init · cookies-and-content-security-policy.php:20
  • action · init · cookies-and-content-security-policy.php:32
  • action · wp_enqueue_scripts · cookies-and-content-security-policy.php:43
  • action · login_enqueue_scripts · cookies-and-content-security-policy.php:44
  • action · wp_head · cookies-and-content-security-policy.php:118
  • action · login_head · cookies-and-content-security-policy.php:119
  • filter · body_class · cookies-and-content-security-policy.php:300
  • filter · login_body_class · cookies-and-content-security-policy.php:301
  • action · send_headers · cookies-and-content-security-policy.php:318
  • action · admin_enqueue_scripts · cookies-and-content-security-policy.php:327
  • action · wp_footer · inc\modal-cacsp.php:5
  • action · login_footer · inc\modal-cacsp.php:6
  • action · network_admin_menu · inc\network.php:6
  • action · init · inc\plugin-compability.php:8
  • action · wp_head · inc\set-cacsp.php:151
  • action · wp_head · inc\set-cacsp.php:156
  • action · wp_head · inc\set-cacsp.php:176
  • action · rest_api_init · inc\set-cacsp.php:194
  • action · send_headers · inc\set-cacsp.php:218
  • action · login_enqueue_scripts · inc\set-cacsp.php:219
  • action · admin_menu · inc\settings-cacsp.php:71
Maintenance & Trust

Cookies and Content Security Policy Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 17, 2026
PHP min version: 7.4
Downloads: 469K

Community Trust

Rating: 98/100
Number of ratings: 67
Active installs: 10K
Developer Profile

Cookies and Content Security Policy Developer Profile

Johan Jonk Stenström

10 plugins · 14K total installs

Trust score: 72
Avg Security Score: 90/100
Avg Patch Time: 202 days
Detection Fingerprints

How We Detect Cookies and Content Security Policy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/cookies-and-content-security-policy/css/cookies-and-content-security-policy.min.css
  • /wp-content/plugins/cookies-and-content-security-policy/js/js.cookie.min.js
  • /wp-content/plugins/cookies-and-content-security-policy/js/cookies-and-content-security-policy.min.js
  • /wp-content/plugins/cookies-and-content-security-policy/js/cookies-and-content-security-policy.js

Version Parameters

  • cookies-and-content-security-policy/css/cookies-and-content-security-policy.min.css?ver=
  • cookies-and-content-security-policy/js/js.cookie.min.js?ver=
  • cookies-and-content-security-policy/js/cookies-and-content-security-policy.min.js?ver=
  • cookies-and-content-security-policy/js/cookies-and-content-security-policy.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • cacsp-review-settings-description
  • cacsp-review-settings-button
  • cacsp-not-allowed-description
  • cacsp-not-allowed-button
  • cacsp-review-settings-description-content
  • cacsp-review-settings-button-content
  • cacsp-not-allowed-description-content
  • cacsp-not-allowed-button-content
  • +13 more

HTML Comments

  • <!-- Start Content Security Policy and Cookie Consent by Follow me Darling -->
  • <!-- End Content Security Policy and Cookie Consent by Follow me Darling -->

Data Attributes

  • data-cacsp-cookie-categories
  • data-cacsp-cookie-block-message
  • data-cacsp-cookie-block-button-text
  • data-cacsp-cookie-block-button-link
  • data-cacsp-cookie-block-button-link-target
  • data-cacsp-cookie-block-button-settings-text
  • +21 more

JS Globals

  • cacsp_ajax_object
  • cacspMessages
FAQ

Frequently Asked Questions about Cookies and Content Security Policy