DSGVO All in one for WP Security & Risk Analysis

wordpress.org/plugins/dsgvo-all-in-one-for-wp

An All in One GDPR Plugin for everything! Responsive Cookie Notice - Imprint & Privacy Policy Generator - integrate external Services GDPR complia …

20K active installs v4.9 PHP 5.6+ WP 4.5+ Updated Aug 11, 2025
Tags: cookie, cookie-notice, datenschutz, dsgvo, gdpr
Score: 97 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Feb 3, 2025
Safety Verdict

Is DSGVO All in one for WP Safe to Use in 2026?

Generally Safe

Score 97/100

DSGVO All in one for WP has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Feb 3, 2025 · Updated 7mo ago
Risk Assessment

The dsgvo-all-in-one-for-wp plugin version 4.9 presents a mixed security posture. While the plugin demonstrates strong practices in output escaping, with 99% of outputs properly handled, and no critical or high-severity taint flows detected, there are significant areas of concern. A substantial attack surface is exposed through 19 AJAX handlers that lack authentication checks, making them potential entry points for unauthorized actions. The presence of the `unserialize` function, a known risk for deserialization vulnerabilities, is also a notable point of caution.

The plugin's vulnerability history, with 5 previously disclosed medium-severity CVEs primarily involving Cross-Site Request Forgery and Cross-Site Scripting, suggests a recurring pattern of vulnerabilities that, while not critical, can still impact users. The fact that none are currently unpatched is positive, but the history indicates a need for vigilant maintenance. The static analysis reveals that 14% of SQL queries do not use prepared statements, which could be a vector for SQL injection if not handled carefully elsewhere. Overall, the plugin has a good foundation in output sanitization but requires significant attention to securing its AJAX endpoints and addressing its past vulnerability trends.

Key Concerns

  • 19 unprotected AJAX handlers
  • 14% of SQL queries not using prepared statements
  • 1 dangerous function detected (unserialize)
  • 5 medium severity CVEs in history
  • 1 unsanitized path in taint analysis
Vulnerabilities: 5

DSGVO All in one for WP Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2022: 1 CVE
  • 2024: 2 CVEs
  • 2025: 1 CVE

Severity Breakdown

Medium: 5 (5 total CVEs)

CVE-2024-13356 · medium · 6.5 · Cross-Site Request Forgery (CSRF)

DSGVO All in one for WP <= 4.6 - Cross-Site Request Forgery to Account Deletion

Feb 3, 2025 · Patched in 4.7 (1d)

CVE-2024-43964 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DSGVO All in one for WP <= 4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

Aug 26, 2024 · Patched in 4.6 (94d)

CVE-2024-27967 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

DSGVO All in one for WP <= 4.3 - Cross-Site Request Forgery

Mar 13, 2024 · Patched in 4.4 (8d)

CVE-2022-2628 · medium · 5.5 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DSGVO All in one for WP <= 4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Sep 12, 2022 · Patched in 4.3 (498d)

CVE-2021-24294 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DSGVO All in one for WP <= 3.9 - Unauthenticated Stored Cross-Site Scripting

May 7, 2021 · Patched in 4.0 (991d)

Code Analysis
Analyzed Mar 16, 2026

DSGVO All in one for WP Code Analysis

  • Dangerous Functions: 1
  • Raw SQL Queries: 12 (2 prepared)
  • Unescaped Output: 18 (2633 escaped)
  • Nonce Checks: 8
  • Capability Checks: 4
  • File Operations: 16
  • External Requests: 5
  • Bundled Libraries: 1

Dangerous Functions Found

unserialize: `$url = unserialize($vimeo['body'])[0]['thumbnail_large'];` (dsgvo_all_in_one_wp.php:3236)

Bundled Libraries

DataTables

SQL Query Safety

14% prepared · 14 total queries

Output Escaping

99% escaped · 2651 total outputs

Data Flows: 1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
<backend_settings> (core\inc\backend_settings.php:0)

Attack Surface: 19 unprotected

DSGVO All in one for WP Attack Surface

Entry Points: 33
Unprotected: 19

AJAX Handlers 19

auth wp_ajax_dsgvo_delete_usr_ip dsgvo_all_in_one_wp.php:54
auth wp_ajax_reset_policy_service dsgvo_all_in_one_wp.php:56
auth wp_ajax_dsgvoaio_export_log dsgvo_all_in_one_wp.php:58
auth wp_ajax_dsgvoaio_write_log dsgvo_all_in_one_wp.php:60
nopriv wp_ajax_dsgvoaio_write_log dsgvo_all_in_one_wp.php:62
auth wp_ajax_dsgvoaio_get_service_policy dsgvo_all_in_one_wp.php:64
nopriv wp_ajax_dsgvoaio_get_service_policy dsgvo_all_in_one_wp.php:66
auth wp_ajax_dsgvoaio_dismiss_cache_msg dsgvo_all_in_one_wp.php:68
nopriv wp_ajax_dsgvoaio_dismiss_cache_msg dsgvo_all_in_one_wp.php:70
auth wp_ajax_dsgvoaio_dismiss_gfonts_msg dsgvo_all_in_one_wp.php:72
nopriv wp_ajax_dsgvoaio_dismiss_gfonts_msg dsgvo_all_in_one_wp.php:74
auth wp_ajax_dsgvoaiofree_dismissed_notice_handler_import dsgvo_all_in_one_wp.php:84
auth wp_ajax_dsgvoaiofree_delete_log_full dsgvo_all_in_one_wp.php:86
auth wp_ajax_reset_layertext_service dsgvo_all_in_one_wp.php:88
auth wp_ajax_dsgvoaiofree_fbpixelevent_ajaxhandle dsgvo_all_in_one_wp.php:1452
nopriv wp_ajax_dsgvoaiofree_fbpixelevent_ajaxhandle dsgvo_all_in_one_wp.php:1454
auth wp_ajax_dsgvoaiofree_change_session dsgvo_all_in_one_wp.php:1464
nopriv wp_ajax_dsgvoaiofree_change_session dsgvo_all_in_one_wp.php:1466
auth wp_ajax_dsgvoaio_dismissed_notice_handler dsgvo_all_in_one_wp.php:1530

Shortcodes 14

[dsgvo_service_control] dsgvo_all_in_one_wp.php:1510
[dsgvo_twitter_button] dsgvo_all_in_one_wp.php:1512
[dsgvo_linkedin] dsgvo_all_in_one_wp.php:1514
[dsgvo_addthis] dsgvo_all_in_one_wp.php:1516
[dsgvo_facebook_like] dsgvo_all_in_one_wp.php:1518
[dsgvo_facebook_comments] dsgvo_all_in_one_wp.php:1520
[dsgvo_vgwort] dsgvo_all_in_one_wp.php:1522
[dsgvo_shareaholic] dsgvo_all_in_one_wp.php:1524
[dsgvo_youtube] dsgvo_all_in_one_wp.php:1526
[dsgvo_vimeo] dsgvo_all_in_one_wp.php:1528
[dsgvo_imprint] dsgvo_all_in_one_wp.php:1548
[dsgvo_user_remove_form] dsgvo_all_in_one_wp.php:1550
[dsgvo_policy] dsgvo_all_in_one_wp.php:1552
[dsgvo_show_user_data] dsgvo_all_in_one_wp.php:1554

WordPress Hooks 39

action init core\inc\blocks.php:96
action wp_loaded core\inc\google_fonts.php:5
action shutdown core\inc\google_fonts.php:12
action plugins_loaded dsgvo_all_in_one_wp.php:36
action admin_menu dsgvo_all_in_one_wp.php:50
action admin_enqueue_scripts dsgvo_all_in_one_wp.php:52
action admin_init dsgvo_all_in_one_wp.php:76
action admin_init dsgvo_all_in_one_wp.php:78
action admin_init dsgvo_all_in_one_wp.php:80
action admin_notices dsgvo_all_in_one_wp.php:82
action admin_init dsgvo_all_in_one_wp.php:90
action admin_notices dsgvo_all_in_one_wp.php:101
filter autoptimize_filter_js_dontmove dsgvo_all_in_one_wp.php:464
action init dsgvo_all_in_one_wp.php:1442
action wp_loaded dsgvo_all_in_one_wp.php:1446
action wp_head dsgvo_all_in_one_wp.php:1456
action woocommerce_add_to_cart dsgvo_all_in_one_wp.php:1458
action woocommerce_thankyou dsgvo_all_in_one_wp.php:1460
action woocommerce_new_order dsgvo_all_in_one_wp.php:1462
action wp_footer dsgvo_all_in_one_wp.php:1472
action wp_enqueue_scripts dsgvo_all_in_one_wp.php:1478
action wp_enqueue_scripts dsgvo_all_in_one_wp.php:1480
action wp_head dsgvo_all_in_one_wp.php:1486
filter comment_form_after_fields dsgvo_all_in_one_wp.php:1494
filter comment_form_logged_in_after dsgvo_all_in_one_wp.php:1496
action wp_footer dsgvo_all_in_one_wp.php:1498
filter preprocess_comment dsgvo_all_in_one_wp.php:1502
action comment_post dsgvo_all_in_one_wp.php:1506
action upgrader_process_complete dsgvo_all_in_one_wp.php:1532
action admin_notices dsgvo_all_in_one_wp.php:1542
filter pre_comment_user_ip dsgvo_all_in_one_wp.php:1558
action wp_head dsgvo_all_in_one_wp.php:1593
action wp_loaded dsgvo_all_in_one_wp.php:1598
action wp_loaded dsgvo_all_in_one_wp.php:1604
action wp_loaded dsgvo_all_in_one_wp.php:2269
filter monsterinsights_frontend_output_analytics_src dsgvo_all_in_one_wp.php:2275
action wp_loaded dsgvo_all_in_one_wp.php:2277
action plugins_loaded dsgvo_all_in_one_wp.php:2283
action wp_loaded dsgvo_all_in_one_wp.php:2289
Maintenance & Trust

DSGVO All in one for WP Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 11, 2025
PHP min version: 5.6
Downloads: 346K

Community Trust

Rating: 80/100
Number of ratings: 162
Active installs: 20K
Developer Profile

DSGVO All in one for WP Developer Profile

mlfactory

7 plugins · 21K total installs
Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 318 days
Detection Fingerprints

How We Detect DSGVO All in one for WP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/dsgvo-all-in-one-for-wp/core/js/dsgvo_admin_scripts.js
/wp-content/plugins/dsgvo-all-in-one-for-wp/core/css/dsgvo_admin_styles.css
/wp-content/plugins/dsgvo-all-in-one-for-wp/core/inc/exporter_fetch_datas.php
/wp-content/plugins/dsgvo-all-in-one-for-wp/core/inc/texts.php
/wp-content/plugins/dsgvo-all-in-one-for-wp/core/inc/blocks.php
Script Paths
/wp-content/plugins/dsgvo-all-in-one-for-wp/core/js/dsgvo_admin_scripts.js
Version Parameters
dsgvo-all-in-one-for-wp/core/js/dsgvo_admin_scripts.js?ver=
dsgvo-all-in-one-for-wp/core/css/dsgvo_admin_styles.css?ver=

HTML / DOM Fingerprints

CSS Classes
dsgvoaio-settings-page
HTML Comments
<!-- DSGVO All in one for WP -->
<!-- START DSGVO-ALL-IN-ONE-FOR-WP FREE -->
<!-- END DSGVO-ALL-IN-ONE-FOR-WP FREE -->
Data Attributes
data-dsgvoaio-nonce
JS Globals
dsgvo_ajax_object
dsgvoaio_vue_data
FAQ

Frequently Asked Questions about DSGVO All in one for WP