GDPR-Extensions-com – Consent Manager Security & Risk Analysis

wordpress.org/plugins/gdpr-consent-manager

Short Description: Ensure GDPR compliance effortlessly. Scan for cookies, resources, and security issues. Generate reports.

0 active installs · v1.0.1 · PHP 8.1+ · WP 6.4+ · Updated Nov 8, 2024
Tags: compliance, consent, cookies, gdpr, privacy
Score: 91 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: Oct 9, 2024
Safety Verdict

Is GDPR-Extensions-com – Consent Manager Safe to Use in 2026?

Generally Safe

Score 91/100

GDPR-Extensions-com – Consent Manager has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: Oct 9, 2024 · Updated 1yr ago
Risk Assessment

The GDPR Consent Manager plugin v1.0.1 exhibits a mixed security posture. On the positive side, it demonstrates good practices in its handling of SQL queries, with 100% utilizing prepared statements, and a high percentage (96%) of outputs being properly escaped. The absence of file operations and bundled libraries also reduces the attack surface in those areas. However, significant concerns arise from the static analysis. With 28 AJAX handlers, a notable 8 lack authentication checks, creating a substantial entry point for potential unauthenticated actions.

The taint analysis reveals 6 high-severity flows with unsanitized paths, indicating potential vulnerabilities where external input could be manipulated in dangerous ways. The presence of the `unserialize` function, a known source of vulnerabilities when handling untrusted data, adds to this risk. While the plugin has a history of one medium-severity CVE for Cross-Site Scripting, the fact that it's currently unpatched is a red flag, especially given the presence of unsanitized flows and unprotected AJAX endpoints. The vulnerability history, though limited, suggests a pattern of input sanitization issues.

In conclusion, while the plugin utilizes some secure coding practices, the number of unprotected AJAX handlers, high-severity unsanitized taint flows, and the use of `unserialize` present considerable security risks. The recent medium-severity CVE, even if currently patched, reinforces the need for vigilance. Further investigation into the specific nature of the unsanitized taint flows and the impact of unprotected AJAX handlers is recommended to fully understand the exploitation potential.

Key Concerns

  • 8 AJAX handlers without auth checks
  • 6 high severity unsanitized taint flows
  • Uses unserialize function
  • 1 medium CVE, currently unpatched
Vulnerabilities
1

GDPR-Extensions-com – Consent Manager Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-9072 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

GDPR-Extensions-com – Consent Manager <= 1.0.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload

Oct 9, 2024 Patched in 1.0.1 (37d)
Code Analysis
Analyzed Mar 17, 2026

GDPR-Extensions-com – Consent Manager Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (99 prepared)
Unescaped Output: 11 (240 escaped)
Nonce Checks: 15
Capability Checks: 15
File Operations: 0
External Requests: 6
Bundled Libraries: 0

Dangerous Functions Found

unserialize · `$unserializedArray = unserialize( $active_plugins );` · includes\update-status.php:27

SQL Query Safety

100% prepared · 99 total queries

Output Escaping

96% escaped · 251 total outputs
Data Flows
8 unsanitized

Data Flow Analysis

19 flows · 8 with unsanitized paths
gdprconsentmanager_cookie_display (cookie\class.tab-cookie-setting.php:17)
Attack Surface
8 unprotected

GDPR-Extensions-com – Consent Manager Attack Surface

Entry Points: 28
Unprotected: 8

AJAX Handlers 28

auth · wp_ajax_gdprconsentmanager_load_tab_content · functions\consentmanger-functions.php:6
nopriv · wp_ajax_gdprconsentmanager_load_tab_content · functions\consentmanger-functions.php:7
auth · wp_ajax_gdprconsentmanager_connection_cookies_tabs · functions\consentmanger-functions.php:49
nopriv · wp_ajax_gdprconsentmanager_connection_cookies_tabs · functions\consentmanger-functions.php:50
auth · wp_ajax_gdprconsentmanager_savekey · functions\consentmanger-functions.php:89
nopriv · wp_ajax_gdprconsentmanager_savekey · functions\consentmanger-functions.php:90
auth · wp_ajax_gdprconsentmanager_validation · functions\consentmanger-functions.php:219
nopriv · wp_ajax_gdprconsentmanager_validation · functions\consentmanger-functions.php:220
auth · wp_ajax_gdprconsentmanager_remove_uploaded_icon · functions\consentmanger-functions.php:251
nopriv · wp_ajax_gdprconsentmanager_remove_uploaded_icon · functions\consentmanger-functions.php:252
auth · wp_ajax_gdprconsentmanager_status · functions\consentmanger-functions.php:289
nopriv · wp_ajax_gdprconsentmanager_status · functions\consentmanger-functions.php:290
auth · wp_ajax_gdprconsentmanager_cookiewidget_save · functions\cookie-widget-tabdata.php:203
nopriv · wp_ajax_gdprconsentmanager_cookiewidget_save · functions\cookie-widget-tabdata.php:204
auth · wp_ajax_gdprconsentmanager_get_apikey · includes\cookie-banner.php:7
nopriv · wp_ajax_gdprconsentmanager_get_apikey · includes\cookie-banner.php:8
auth · wp_ajax_gdprconsentmanager_get_report · includes\cookie-banner.php:18
nopriv · wp_ajax_gdprconsentmanager_get_report · includes\cookie-banner.php:19
auth · wp_ajax_gdprconsentmanager_getcookie · includes\cookie-banner.php:55
nopriv · wp_ajax_gdprconsentmanager_getcookie · includes\cookie-banner.php:56
auth · wp_ajax_gdprconsentmanager_getprivacy · includes\cookie-banner.php:93
nopriv · wp_ajax_gdprconsentmanager_getprivacy · includes\cookie-banner.php:94
auth · wp_ajax_gdprconsentmanager_report_run_scheduler · includes\fetch-cookie-report.php:151
nopriv · wp_ajax_gdprconsentmanager_report_run_scheduler · includes\fetch-cookie-report.php:152
auth · wp_ajax_gdprconsentmanager_privacy_run_scheduler · includes\fetch-privacy-report.php:17
nopriv · wp_ajax_gdprconsentmanager_privacy_run_scheduler · includes\fetch-privacy-report.php:18
auth · wp_ajax_gdprconsentmanager_run_scheduler · includes\update-status.php:125
nopriv · wp_ajax_gdprconsentmanager_run_scheduler · includes\update-status.php:126

WordPress Hooks 24

action · init · consent-manager.php:44
action · wp_enqueue_scripts · consent-manager.php:64
action · admin_enqueue_scripts · consent-manager.php:65
action · init · consent-manager.php:67
action · admin_menu · consent-manager.php:97
action · admin_enqueue_scripts · consent-manager.php:143
action · wp_enqueue_scripts · consent-manager.php:351
filter · upload_mimes · consent-manager.php:393
action · wp_footer · cookie\class.tab-cookie-setting.php:13
filter · upload_mimes · functions\cookie-widget-tabdata.php:11
action · admin_init · includes\cm-schedular.php:10
filter · cron_schedules · includes\fetch-cookie-report.php:7
action · trigger_per_day · includes\fetch-cookie-report.php:17
action · wp · includes\fetch-cookie-report.php:142
action · wp · includes\fetch-privacy-report.php:7
action · trigger_per_day · includes\fetch-privacy-report.php:16
filter · cron_schedules · includes\update-status.php:7
action · trigger_per_day · includes\update-status.php:17
action · wp · includes\update-status.php:116
action · admin_init · views\class.consent-manager.php:12
action · admin_init · views\cookie-widget.php:10
action · admin_init · views\web-connection.php:10
action · admin_menu · views\webupdate.php:12
action · admin_init · views\webupdate.php:16

Scheduled Events 3

trigger_per_day
trigger_per_day
trigger_per_day
Maintenance & Trust

GDPR-Extensions-com – Consent Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.7.5
Last updated: Nov 8, 2024
PHP min version: 8.1
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 0
Developer Profile

GDPR-Extensions-com – Consent Manager Developer Profile

GDPR-Extensions.com

3 plugins · 0 total installs

Trust score: 86
Avg Security Score: 97/100
Avg Patch Time: 37 days
Detection Fingerprints

How We Detect GDPR-Extensions-com – Consent Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gdpr-consent-manager/assets/js/consent-manger-admin.js
/wp-content/plugins/gdpr-consent-manager/assets/js/min.js
/wp-content/plugins/gdpr-consent-manager/assets/css/consentmanager.css
/wp-content/plugins/gdpr-consent-manager/build/dsgvo
/wp-content/plugins/gdpr-consent-manager/build/privacy
Script Paths
/wp-content/plugins/gdpr-consent-manager/assets/js/consent-manger-admin.js
/wp-content/plugins/gdpr-consent-manager/assets/js/min.js
Version Parameters
gdpr-consent-manager/assets/js/consent-manger-admin.js?ver=
gdpr-consent-manager/assets/js/min.js?ver=
gdpr-consent-manager/assets/css/consentmanager.css?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- GDPR Consent Manager -->
Data Attributes
data-blog-id
JS Globals
gdprconsentmanager_blog_id