Does CookieTractor have any unpatched vulnerabilities?

No. All known vulnerabilities in CookieTractor have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is CookieTractor compatible with WordPress 6.9.4?

According to WordPress.org data, CookieTractor 1.1.4 has been tested up to WordPress 6.9.4. Check the plugin's changelog for the latest compatibility information.

Is CookieTractor compatible with PHP 7.2+?

CookieTractor requires PHP 7.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is CookieTractor updated?

CookieTractor was last updated on Dec 1, 2025. Frequent updates are generally a positive security signal.

What is CookieTractor's security score?

CookieTractor has a WP-Safety security score of 100/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

CookieTractor Security & Risk Analysis

wordpress.org/plugins/cookietractor

CookieTractor – The User-Friendly Cookie Banner

20 active installs v1.1.4 PHP 7.2+ WP 5.7+ Updated Dec 1, 2025

cmpcookie-bannercookie-consentcookie-policygdpr

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is CookieTractor Safe to Use in 2026?

Generally Safe

Score 100/100

CookieTractor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 4mo ago

Risk Assessment

The "cookietractor" v1.1.4 plugin exhibits a generally strong security posture based on the provided static analysis and vulnerability history. The plugin has no known historical vulnerabilities, which is a very positive indicator. The static analysis reveals a small attack surface with no unprotected entry points. Furthermore, the code demonstrates good security practices, with no dangerous functions, all SQL queries using prepared statements, and all outputs properly escaped. There are also no file operations or external HTTP requests, further reducing potential attack vectors.

Despite these strengths, there are areas that could be improved. The absence of nonce checks and capability checks across all identified entry points represents a notable concern. While the current static analysis did not detect any exploitable taint flows or unprotected AJAX/REST API endpoints, the lack of these fundamental security mechanisms leaves the plugin susceptible to certain types of attacks if functionalities were to be introduced or modified without proper authorization checks. The vulnerability history being clean is encouraging, but it doesn't negate the need for robust access control for all plugin functionalities.

In conclusion, "cookietractor" v1.1.4 is currently in a good security state, primarily due to the absence of known vulnerabilities and the diligent use of prepared statements and output escaping. However, the lack of nonce and capability checks presents a potential weakness that should be addressed to ensure comprehensive security, especially as the plugin evolves. It's a solid foundation, but access control needs strengthening.

Key Concerns

Missing nonce checks
Missing capability checks

Vulnerabilities

None known

CookieTractor Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

CookieTractor Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

6 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

100% escaped6 total outputs

Attack Surface

CookieTractor Attack Surface

Entry Points3

Unprotected0

Shortcodes 3

[cookietractor_declaration] src\shortcodes\ShortcodeDeclaration.php:11

[cookietractor_popup] src\shortcodes\ShortcodeOpenPopup.php:8

[cookietractor_consent_api] src\shortcodes\ShortcodeWpConsentApi.php:7

WordPress Hooks 6

filterwp_headsrc\frontend\Frontend.php:11

actionadmin_menusrc\settings\Settings.php:19

actionadmin_initsrc\settings\Settings.php:20

actionadmin_enqueue_scriptssrc\settings\Settings.php:21

actionwp_enqueue_scriptssrc\utilities\WPConsentAPIHelper.php:17

filterwp_get_consent_typesrc\utilities\WPConsentAPIHelper.php:18

Maintenance & Trust

CookieTractor Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4

Last updatedDec 1, 2025

PHP min version7.2

Downloads647

Community Trust

Rating0/100

Number of ratings0

Active installs20

Alternatives

CookieTractor Alternatives

GDPR Cookie Banner

gdpr-cookie-banner

GDPR Cookie Banner helps website owners to display a notice that they are using cookies. This plugin assists website owners to comply with European pr …

10 No CVEs

CookieYes – Cookie Banner for Cookie Consent (Easy to setup GDPR/CCPA Compliant Cookie Notice)

cookie-law-info

100

Easily set up cookie banner or notice in WordPress, and policy pages for compliance with global cookie laws (GDPR, DSGVO, RGPD, CCPA/CPRA, etc).

1.0M 1 CVE

GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law

gdpr-cookie-compliance

Cookie notice banner for GDPR, CCPA, EU cookie law, data protection and privacy regulations and other cookie law and consent notice requirements on yo …

300K 9 CVEs

Cookiebot by Usercentrics – Automatic Cookie Banner for GDPR/CCPA & Google Consent Mode

cookiebot

Install your cookie banner in minutes. Automatically scan and block cookies to comply with the GDPR, CCPA, Google Consent Mode v2. Free plan option.

100K 1 unpatched

Real Cookie Banner: GDPR & ePrivacy Cookie Consent

real-cookie-banner

Obtain GDPR (DSGVO/RGPD) and ePrivacy Directive (TDDDG/TTDSG, LOPD-GDD, DTA) compliant consents in your cookie banner. More than just a cookie notice!

100K 4 CVEs

Developer Profile

CookieTractor Developer Profile

CookieTractor

1 plugin · 20 total installs

trust score

Avg Security Score

100/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect CookieTractor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/cookietractor/assets/bundles/style.css

HTML / DOM Fingerprints

CSS Classes

cookietractor-settingscookietractor-settings__header

Data Attributes

data-iddata-lang

FAQ