WP-Safety

ELAN42-disclaimer Security & Risk Analysis

wordpress.org/plugins/disclaimer-by-elan42

Adds configurable Credits / Privacy Policy for the European Cookies Law and GDPR, with links / ajax / hover box.

20 active installs v0.9.13 PHP + WP 3.2+ Updated Aug 9, 2018
cookiecookiescreditseuropean-lawshortcodes
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is ELAN42-disclaimer Safe to Use in 2026?

Generally Safe

Score 85/100

ELAN42-disclaimer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago
Risk Assessment

The "disclaimer-by-elan42" plugin, version 0.9.13, exhibits a generally good security posture based on the provided static analysis. The absence of dangerous functions, direct SQL queries without prepared statements, file operations, and external HTTP requests are strong indicators of secure coding practices. Taint analysis revealing no unsanitized flows further reinforces this positive assessment. The plugin also has no recorded vulnerability history, which suggests a consistent focus on security by its developers.

However, a significant concern arises from the output escaping. With 43 total outputs and only 26% properly escaped, there's a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. This means that user-supplied or dynamically generated content could be injected into the plugin's output without proper sanitization, potentially allowing attackers to execute arbitrary JavaScript in the context of a user's browser. Additionally, the absence of any nonce checks or capability checks on the identified entry points (shortcodes) means that these could potentially be triggered by unauthorized users or through Cross-Site Request Forgery (CSRF) attacks, although the lack of specific dangerous functions or SQL queries mitigates the immediate impact of such triggers. The plugin's attack surface is limited, and all identified entry points are shortcodes, which are less likely to be directly exposed to unauthenticated users compared to AJAX or REST API endpoints.

Key Concerns

  • Low percentage of properly escaped output
  • No nonce checks on entry points
  • No capability checks on entry points
Vulnerabilities
None known

ELAN42-disclaimer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

ELAN42-disclaimer Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
32
11 escaped
Nonce Checks
0
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

26% escaped43 total outputs
Attack Surface

ELAN42-disclaimer Attack Surface

Entry Points6
Unprotected0

Shortcodes 6

[elan42_disclaimer] disclaimer-by-elan42.php:443
[elan42_pretty_disclaimer] disclaimer-by-elan42.php:457
[elan42_disclaimer_privacy] disclaimer-by-elan42.php:465
[elan42_disclaimer_terms] disclaimer-by-elan42.php:471
[elan42_disclaimer_cookie] disclaimer-by-elan42.php:477
[elan42_disclaimer_links] disclaimer-by-elan42.php:536
WordPress Hooks 6
actioninitdisclaimer-by-elan42.php:15
actionwp_enqueue_scriptsdisclaimer-by-elan42.php:338
actionwidgets_initdisclaimer-by-elan42.php:600
actionadmin_initinc\admin.php:131
actionadmin_initnightrock-admin-framework\inc\nra_page_init.php:37
actionadmin_menunightrock-admin-framework\inc\nra_page_init.php:57
Maintenance & Trust

ELAN42-disclaimer Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedAug 9, 2018
PHP min version
Downloads2K

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

ELAN42-disclaimer Alternatives

Mr Cookies

Mr Cookies

mrcookies

A
85

MrCookies plugin adapts your Wordpress to satisfy the European cookies laws.

60 No CVEs
Cookie Notice & Compliance for GDPR / CCPA

Cookie Notice & Compliance for GDPR / CCPA

cookie-notice

A
95

Cookie Notice allows you to you elegantly inform users that your site uses cookies and helps you comply with GDPR, CCPA and other data privacy laws.

900K 6 CVEs
WP Consent API

WP Consent API

wp-consent-api

A
100

Simple Consent API to read and register the current consent category.

200K No CVEs
Adapta RGPD

Adapta RGPD

adapta-rgpd

A
99

La solución completa para el cumplimiento del RGPD y la LOPD GDD en español: Crea los textos legales, el banner de cookies y documenta los consentimie …

40K 1 CVE
Asesor de Cookies RGPD para normativa europea

Asesor de Cookies RGPD para normativa europea

asesor-cookies-para-la-ley-en-espana

A
100

Este plugin le facilita la adaptación a la RGPD de su web a la política de cookies mostrando el aviso a los visitantes de su página y proporcionándole …

20K No CVEs
Developer Profile

ELAN42-disclaimer Developer Profile

ELAN42///

1 plugin · 20 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect ELAN42-disclaimer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/disclaimer-by-elan42/css/style.css/wp-content/plugins/disclaimer-by-elan42/js/script.js/wp-content/plugins/disclaimer-by-elan42/css/cookie.css/wp-content/plugins/disclaimer-by-elan42/js/cookie.js
Script Paths
/wp-content/plugins/disclaimer-by-elan42/js/script.js/wp-content/plugins/disclaimer-by-elan42/js/cookie.js
Version Parameters
disclaimer-by-elan42/css/style.css?ver=disclaimer-by-elan42/js/script.js?ver=disclaimer-by-elan42/css/cookie.css?ver=disclaimer-by-elan42/js/cookie.js?ver=

HTML / DOM Fingerprints

CSS Classes
elan42-cookie-policyelan42-disclaimer-hoverelan42-disclaimer-popupterms-containercookie-container
Data Attributes
data-elan42-disclaimer-iddata-elan42-disclaimer-type
JS Globals
elan42_disclaimer_options
Shortcode Output
<div class='terms-container'><h2>Termini e Condizioni</h2><div class='cookie-container'><h2>Cookie Policy</h2>
FAQ

Frequently Asked Questions about ELAN42-disclaimer