GDPR Compliance & Cookie Consent Security & Risk Analysis

wordpress.org/plugins/gdpr-compliance-cookie-consent

This plugin adds GDPR-compliant cookie management to websites, ensuring legal compliance and enhancing user privacy.

5K active installs v1.6.1 PHP + WP 4.6+ Updated Jul 31, 2024
Tags: cookie-banner, cookie-consent, gdpr, gdpr-compliance, privacy-policy

Score 92 · Grade A · Safe
CVEs total: 1
Unpatched: 0
Last CVE: Apr 19, 2023
Safety Verdict

Is GDPR Compliance & Cookie Consent Safe to Use in 2026?

Generally Safe

Score 92/100

GDPR Compliance & Cookie Consent has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Apr 19, 2023 · Updated 1yr ago
Risk Assessment

The gdpr-compliance-cookie-consent plugin, version 1.6.1, exhibits a mixed security posture. It follows good practice in some areas, such as the absence of dangerous functions and external HTTP requests, but significant concerns arise from its attack surface and data handling. The four unprotected AJAX handlers (handlers on which no security check was detected) are the most serious finding, since each is a potential entry point for unauthorized access or manipulation. The plugin's only raw SQL query is not a prepared statement (0 of 1 prepared, so 100% unprepared), which increases the risk of SQL injection. A significant share of output (28%, 47 of 167 outputs) is not properly escaped, posing a Cross-Site Scripting (XSS) risk.

The plugin's vulnerability history shows no unpatched CVEs, but it does include one past medium-severity Cross-Site Request Forgery (CSRF) vulnerability. That history, combined with the current lack of rigorous security checks on several AJAX handlers, suggests a pattern in which critical security measures can be overlooked. Taint analysis detected no dangerous data flows, which is positive, but the other identified weaknesses still give an attacker ample opportunity. The plugin's strengths, no bundled libraries and no file operations, are outweighed by the risks presented by its unprotected AJAX endpoints, unprepared SQL query, and unescaped output.

Key Concerns

  • 4 unprotected AJAX handlers
  • 100% of SQL queries not using prepared statements
  • 28% of output not properly escaped
  • 1 past medium severity CVE (CSRF)
Vulnerabilities (1)

GDPR Compliance & Cookie Consent Security Vulnerabilities

CVEs by Year

2023: 1 CVE (patched, 0 unpatched)

Severity Breakdown

Medium: 1 (1 total CVE)

CVE-2022-45815 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

GDPR Compliance & Cookie Consent <= 1.2 - Cross-Site Request Forgery

Apr 19, 2023 · Patched in 1.3 (279 days)
Code Analysis
Analyzed Mar 16, 2026

GDPR Compliance & Cookie Consent Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (0 prepared)
Unescaped Output: 47 (120 escaped)
Nonce Checks: 5
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

0% prepared (0 of 1 total queries)

Output Escaping

72% escaped (120 of 167 total outputs)
Attack Surface (4 unprotected)

GDPR Compliance & Cookie Consent Attack Surface

Entry Points: 7 · Unprotected: 4

AJAX Handlers (6)

Type    Hook                               Location
auth    wp_ajax_stm_gdpr_cookie_accept     gdpr-compliance-cookie-consent.php:59
nopriv  wp_ajax_stm_gdpr_cookie_accept     gdpr-compliance-cookie-consent.php:60
auth    wp_ajax_stm_gpdr_data_request      gdpr-compliance-cookie-consent.php:65
nopriv  wp_ajax_stm_gpdr_data_request      gdpr-compliance-cookie-consent.php:66
auth    wp_ajax_cmb2_oembed_handler        includes\cmb2\includes\CMB2_Ajax.php:51
nopriv  wp_ajax_cmb2_oembed_handler        includes\cmb2\includes\CMB2_Ajax.php:52

Shortcodes (1)

[stm-gpdr-data-access]  gdpr-compliance-cookie-consent.php:69
WordPress Hooks (63)

Type    Hook                                              Location
action  plugins_loaded                                    gdpr-compliance-cookie-consent.php:34
action  cmb2_admin_init                                   gdpr-compliance-cookie-consent.php:48
action  admin_enqueue_scripts                             gdpr-compliance-cookie-consent.php:50
action  template_redirect                                 gdpr-compliance-cookie-consent.php:55
action  shutdown                                          gdpr-compliance-cookie-consent.php:56
action  wp_footer                                         gdpr-compliance-cookie-consent.php:58
action  wp_enqueue_scripts                                gdpr-compliance-cookie-consent.php:64
filter  wp_prepare_attachment_for_js                      includes\cmb2\includes\CMB2.php:1469
action  admin_enqueue_scripts                             includes\cmb2\includes\CMB2.php:1486
action  cmb2_save_options-page_fields                     includes\cmb2\includes\CMB2_Ajax.php:54
filter  get_post_metadata                                 includes\cmb2\includes\CMB2_Ajax.php:147
filter  update_post_metadata                              includes\cmb2\includes\CMB2_Ajax.php:150
filter  cmb2_show_on                                      includes\cmb2\includes\CMB2_hookup.php:79
action  edit_form_top                                     includes\cmb2\includes\CMB2_hookup.php:115
action  edit_form_before_permalink                        includes\cmb2\includes\CMB2_hookup.php:119
action  edit_form_after_title                             includes\cmb2\includes\CMB2_hookup.php:123
action  edit_form_after_editor                            includes\cmb2\includes\CMB2_hookup.php:127
action  add_meta_boxes                                    includes\cmb2\includes\CMB2_hookup.php:131
action  add_meta_boxes                                    includes\cmb2\includes\CMB2_hookup.php:134
action  add_attachment                                    includes\cmb2\includes\CMB2_hookup.php:135
action  edit_attachment                                   includes\cmb2\includes\CMB2_hookup.php:136
action  save_post                                         includes\cmb2\includes\CMB2_hookup.php:137
action  add_meta_boxes_comment                            includes\cmb2\includes\CMB2_hookup.php:150
action  edit_comment                                      includes\cmb2\includes\CMB2_hookup.php:151
filter  manage_edit-comments_columns                      includes\cmb2\includes\CMB2_hookup.php:154
action  manage_comments_custom_column                     includes\cmb2\includes\CMB2_hookup.php:155
action  show_user_profile                                 includes\cmb2\includes\CMB2_hookup.php:164
action  edit_user_profile                                 includes\cmb2\includes\CMB2_hookup.php:165
action  user_new_form                                     includes\cmb2\includes\CMB2_hookup.php:166
action  personal_options_update                           includes\cmb2\includes\CMB2_hookup.php:168
action  edit_user_profile_update                          includes\cmb2\includes\CMB2_hookup.php:169
action  user_register                                     includes\cmb2\includes\CMB2_hookup.php:170
filter  manage_users_columns                              includes\cmb2\includes\CMB2_hookup.php:173
filter  manage_users_custom_column                        includes\cmb2\includes\CMB2_hookup.php:174
action  created_term                                      includes\cmb2\includes\CMB2_hookup.php:222
action  edited_terms                                      includes\cmb2\includes\CMB2_hookup.php:223
action  delete_term                                       includes\cmb2\includes\CMB2_hookup.php:224
action  cmb2_do_oembed                                    includes\cmb2\includes\helper-functions.php:131
filter  is_protected_meta                                 includes\cmb2\includes\rest-api\CMB2_REST.php:144
action  init                                              includes\cmb2\init.php:126
action  widgets_init                                      includes\STM_DataAccessWidget.php:14
filter  comment_form_submit_field                         includes\STM_Plugins.php:23
action  pre_comment_on_post                               includes\STM_Plugins.php:24
action  comment_post                                      includes\STM_Plugins.php:25
filter  manage_edit-comments_columns                      includes\STM_Plugins.php:26
action  manage_comments_custom_column                     includes\STM_Plugins.php:27
action  wpcf7_init                                        includes\STM_Plugins.php:33
filter  wpcf7_before_send_mail                            includes\STM_Plugins.php:34
filter  wpcf7_validate_stmgdpr                            includes\STM_Plugins.php:35
action  woocommerce_review_order_before_submit            includes\STM_Plugins.php:41
action  woocommerce_checkout_process                      includes\STM_Plugins.php:42
action  woocommerce_checkout_update_order_meta            includes\STM_Plugins.php:43
action  woocommerce_admin_order_data_after_order_details  includes\STM_Plugins.php:44
filter  mc4wp_form_errors                                 includes\STM_Plugins.php:50
filter  mc4wp_form_content                                includes\STM_Plugins.php:51
action  bp_after_message_reply_box                        includes\STM_Plugins.php:57
action  bp_after_messages_compose_content                 includes\STM_Plugins.php:58
action  bp_activity_post_form_options                     includes\STM_Plugins.php:59
action  bp_after_group_forum_post_new                     includes\STM_Plugins.php:60
action  groups_forum_new_topic_after                      includes\STM_Plugins.php:61
action  groups_forum_new_reply_after                      includes\STM_Plugins.php:62
filter  gform_entries_field_value                         includes\STM_Plugins.php:68
filter  gform_get_field_value                             includes\STM_Plugins.php:69
Maintenance & Trust

GDPR Compliance & Cookie Consent Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.5.8
Last updated: Jul 31, 2024
PHP min version:
Downloads: 463K

Community Trust

Rating: 54/100
Number of ratings: 10
Active installs: 5K
Developer Profile

GDPR Compliance & Cookie Consent Developer Profile

gdprcompliancewp

2 plugins · 15K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 279 days
Detection Fingerprints

How We Detect GDPR Compliance & Cookie Consent

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gdpr-compliance-cookie-consent/assets/css/stm_gdpr.css
/wp-content/plugins/gdpr-compliance-cookie-consent/assets/js/stm_gdpr.js
/wp-content/plugins/gdpr-compliance-cookie-consent/assets/js/stm_gdpr_cookie.js
/wp-content/plugins/gdpr-compliance-cookie-consent/assets/js/stm_gdpr_data_access.js

Script Paths
/wp-content/plugins/gdpr-compliance-cookie-consent/assets/js/stm_gdpr.js
/wp-content/plugins/gdpr-compliance-cookie-consent/assets/js/stm_gdpr_cookie.js
/wp-content/plugins/gdpr-compliance-cookie-consent/assets/js/stm_gdpr_data_access.js

Version Parameters
gdpr-compliance-cookie-consent/assets/css/stm_gdpr.css?ver=
gdpr-compliance-cookie-consent/assets/js/stm_gdpr.js?ver=
gdpr-compliance-cookie-consent/assets/js/stm_gdpr_cookie.js?ver=
gdpr-compliance-cookie-consent/assets/js/stm_gdpr_data_access.js?ver=

HTML / DOM Fingerprints

CSS Classes
stm_gdpr_settings

Data Attributes
data-stm-gdpr-cookie-accept

JS Globals
stm_gdpr_ajax_object
stm_gdpr_params

REST Endpoints
/wp-json/stm-gdpr/v1/accept-cookie
/wp-json/stm-gdpr/v1/data-request

Shortcode Output
[stm-gpdr-data-access]
FAQ

Frequently Asked Questions about GDPR Compliance & Cookie Consent