WP-Safety

EUCookieLaw Security & Risk Analysis

wordpress.org/plugins/eucookielaw

A Wordpress solution to the European Cookie Law Issue

200 active installs v2.7.5 PHP + WP 4.0+ Updated May 20, 2025
blocco-preventivocookiecookie-laweu-cookie-lawlaw-compliance
99
A · Safe
CVEs total1
Unpatched0
Last CVEMay 8, 2025
Plugin page Download
Safety Verdict

Is EUCookieLaw Safe to Use in 2026?

Generally Safe

Score 99/100

EUCookieLaw has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVELast CVE: May 8, 2025Updated 10mo ago
Risk Assessment

The eucookielaw plugin v2.7.5 exhibits a mixed security posture. While it demonstrates good practices in areas like SQL query sanitization and a low number of unprotected entry points, significant concerns arise from its output escaping and file operation handling. The overwhelming majority of output is not properly escaped, posing a substantial risk of cross-site scripting (XSS) vulnerabilities. Additionally, the presence of five taint flows with unsanitized paths, despite no critical or high severity findings in the current analysis, warrants attention as it indicates potential for path traversal or similar file system manipulation vulnerabilities.

The plugin's vulnerability history shows one medium-severity CVE related to path traversal, which aligns with the taint analysis findings. The fact that this vulnerability is no longer unpatched is positive, but the pattern suggests a recurring area of weakness. The plugin's strengths lie in its minimal attack surface and secure handling of database queries. However, the critical issues with output escaping and the suspicious taint flows, coupled with past path traversal issues, indicate that this plugin requires careful review and potential remediation to ensure a robust security posture.

Key Concerns

  • Low percentage of properly escaped output
  • Taint flows with unsanitized paths detected
  • Previous medium CVE for Path Traversal
  • Bundled library (TinyMCE)
Vulnerabilities
1

EUCookieLaw Security Vulnerabilities

CVEs by Year

1 CVE in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
1

1 total CVE

CVE-2025-3897medium · 5.9Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

EUCookieLaw <= 2.7.2 - Unauthenticated Arbitrary File Read

May 8, 2025 Patched in 2.7.3 (1d)
Code Analysis
Analyzed Mar 16, 2026

EUCookieLaw Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
97
1 escaped
Nonce Checks
1
Capability Checks
3
File Operations
14
External Requests
2
Bundled Libraries
1

Bundled Libraries

TinyMCE

Output Escaping

1% escaped98 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

6 flows5 with unsanitized paths
<eucookielaw-header> (eucookielaw-header.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

EUCookieLaw Attack Surface

Entry Points1
Unprotected0

Shortcodes 1

[EUCookieLawReconsider] eucookielaw-wp.php:564
WordPress Hooks 19
actionadmin_headeditor.php:7
actionadmin_enqueue_scriptseditor.php:8
filtermce_external_pluginseditor.php:19
filtermce_buttonseditor.php:20
actioniniteucookielaw-wp.php:94
actionplugins_loadedeucookielaw-wp.php:96
filtercron_scheduleseucookielaw-wp.php:108
actionadmin_noticeseucookielaw-wp.php:114
actionadmin_noticeseucookielaw-wp.php:117
actionadmin_noticeseucookielaw-wp.php:118
filteradmin_menueucookielaw-wp.php:123
actionadmin_enqueue_scriptseucookielaw-wp.php:124
actionwp_enqueue_scriptseucookielaw-wp.php:126
actionlogin_enqueue_scriptseucookielaw-wp.php:128
actionw3_pgcache_cleanupeucookielaw-wp.php:132
actionw3tc_pgcache_flusheucookielaw-wp.php:134
actionwp_cache_gceucookielaw-wp.php:135
actionw3_redirecteucookielaw-wp.php:415
filterthe_contenteucookielaw-wp.php:565
Maintenance & Trust

EUCookieLaw Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedMay 20, 2025
PHP min version
Downloads13K

Community Trust

Rating98/100
Number of ratings18
Active installs200
Alternatives

EUCookieLaw Alternatives

Cookie Banner for GDPR / CCPA – WPLP Cookie Consent

Cookie Banner for GDPR / CCPA – WPLP Cookie Consent

gdpr-cookie-consent

A
89

WPLP Cookie Consent helps WordPress website owners display cookie consent banners, manage user preferences, and control third-party scripts in line wi &hellip;

10K 10 CVEs
Italy Cookie Choices (for EU Cookie Law & Cookie Notice)

Italy Cookie Choices (for EU Cookie Law & Cookie Notice)

italy-cookie-choices

A
85

The most complete cookie consent to easily comply with the european cookie law, display cookie notice and block third party cookie without degrading w &hellip;

10K No CVEs
LuckyWP Cookie Notice (GDPR)

LuckyWP Cookie Notice (GDPR)

luckywp-cookie-notice-gdpr

A
92

The plugin allows you to notify visitors about the use of cookies (necessary to comply with the GDPR in the EU).

10K No CVEs
EU Cookies Bar for WordPress

EU Cookies Bar for WordPress

eu-cookies-bar

A
100

Ensure GDPR (General Data Protection Regulation) compliance (EU Cookie Law) with our straightforward cookie bar

9K No CVEs
Civic Cookie Control

Civic Cookie Control

civic-cookie-control-8

A
99

This plugin enables you to comply with the UK and EU law on cookies.

2K 1 CVE
Developer Profile

EUCookieLaw Developer Profile

Diego La Monica

1 plugin · 200 total installs

99
trust score
Avg Security Score
99/100
Avg Patch Time
1 days
View full developer profile
Detection Fingerprints

How We Detect EUCookieLaw

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/eucookielaw/eucookielaw-tinymce.css/wp-content/plugins/eucookielaw/EUCookieLaw-tinymce.js
Version Parameters
eucookielaw-tinymce.css?ver=EUCookieLaw-tinymce.js?ver=

HTML / DOM Fingerprints

CSS Classes
eucookie-bar
HTML Comments
<!-- Begin EUCookieLaw --><!-- End EUCookieLaw -->
Data Attributes
data-eucookielaw
JS Globals
EUCookieLaw
FAQ

Frequently Asked Questions about EUCookieLaw