GDPR Notice Security & Risk Analysis

wordpress.org/plugins/gdpr-notice-original

GDPR Notice allows you, in accordance with the General Data Protection Regulation, to ask the user in advance if your page may use external services.

20 active installs · v1.3.13 · PHP 5.6+ · WP 3.4+ · Updated Jan 14, 2019
Tags: dsgvo, gdpr, general-data-protection-regulation, law, privacy
Score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is GDPR Notice Safe to Use in 2026?

Generally Safe

Score 85/100

GDPR Notice has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 7yr ago
Risk Assessment

The "gdpr-notice-original" plugin exhibits a mixed security posture. On the positive side, it uses prepared statements exclusively for SQL queries and has no recorded vulnerability history, suggesting a generally stable codebase. However, the static analysis raises significant concerns. The plugin exposes two AJAX handlers with no authentication checks, creating a substantial attack surface for unauthorized actions. Furthermore, the taint analysis shows that all analyzed flows involve unsanitized paths. None are classified as critical or high severity, but this still indicates a potential for unintended data manipulation or execution if these paths are reachable through user input.

Output escaping is missing on a notable percentage of outputs (60%), which could open the door to cross-site scripting (XSS) vulnerabilities if user-supplied data is echoed directly to the browser without sanitization. While the plugin uses nonces and capability checks to some extent, the absence of authentication on critical entry points is the most immediate and pressing risk. The dangerous function `exec` is also present; its usage within the plugin's context isn't detailed in the provided data, but it warrants careful scrutiny.

In conclusion, while the plugin benefits from clean SQL practices and a clean vulnerability history, the high number of unprotected AJAX endpoints and the presence of unsanitized paths are significant security weaknesses. Addressing these issues, particularly the unauthenticated AJAX handlers, should be the top priority to improve the plugin's overall security.

Key Concerns

  • Unprotected AJAX handlers
  • Flows with unsanitized paths
  • Output escaping not properly implemented
  • Dangerous function 'exec' present
Vulnerabilities
None known

GDPR Notice Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

GDPR Notice Code Analysis

Dangerous Functions: 2
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 34 (23 escaped)
Nonce Checks: 3
Capability Checks: 1
File Operations: 14
External Requests: 4
Bundled Libraries: 0

Dangerous Functions Found

exec: `exec("cp -rf $path" . DIRECTORY_SEPARATOR . "cache" . DIRECTORY_SEPARATOR . "$slugName $path", $out)` at include\Upgrade\UpdateService.php:206
exec: `exec("rm -rf $path" . DIRECTORY_SEPARATOR . "cache");` at include\Upgrade\UpdateService.php:209

SQL Query Safety

100% prepared · 1 total queries

Output Escaping

40% escaped · 57 total outputs
Data Flows
5 unsanitized

Data Flow Analysis

5 flows · 5 with unsanitized paths
getPageContent (gdpr-notice-original.php:97)
Attack Surface
2 unprotected

GDPR Notice Attack Surface

Entry Points: 2
Unprotected: 2

AJAX Handlers: 2

Type  Hook  Location
auth  wp_ajax_privacy_content  gdpr-notice-original.php:48
auth  wp_ajax_orcas-nagger  include\Nagger\Nagger.php:29

WordPress Hooks: 39

Type  Hook  Location
action  admin_menu  admin\admin.php:23
action  admin_init  admin\admin.php:24
action  add_meta_boxes  admin\admin.php:25
filter  manage_gdpr-notice-page_posts_columns  admin\admin.php:26
action  manage_posts_custom_column  admin\admin.php:27
action  load-edit.php  admin\admin.php:28
filter  admin_title  admin\admin.php:30
action  admin_post_gdpr_edit_style  admin\admin.php:32
action  admin_enqueue_scripts  admin\admin.php:33
action  admin_notices  admin\admin.php:34
action  pre_get_posts  admin\admin.php:42
action  save_post  admin\admin.php:43
action  post_submitbox_start  admin\admin.php:44
filter  parent_file  admin\admin.php:46
filter  submenu_file  admin\admin.php:47
filter  display_post_states  admin\admin.php:49
filter  post_row_actions  admin\admin.php:50
action  post_action_toggle-disabled  admin\admin.php:51
action  current_screen  admin\admin.php:53
action  all_admin_notices  admin\admin.php:105
action  admin_head  admin\admin.php:123
action  init  gdpr-notice-original.php:45
action  plugins_loaded  gdpr-notice-original.php:46
action  plugins_loaded  gdpr-notice-original.php:47
action  gdpr_print_pages  gdpr-notice-original.php:50
action  gdpr_print_pages  gdpr-notice-original.php:51
action  gdpr_informational_content  gdpr-notice-original.php:52
filter  clean_url  gdpr-notice-original.php:54
filter  gdpr_display_page_types  gdpr-notice-original.php:246
action  wp_enqueue_scripts  gdpr-notice-original.php:427
action  wp_footer  gdpr-notice-original.php:428
action  gdpr_before_links  gdpr-notice-original.php:495
action  plugins_loaded  include\autoload.php:23
action  admin_notices  include\Nagger\Nagger.php:26
action  admin_enqueue_scripts  include\Nagger\Nagger.php:27
action  admin_menu  include\Upgrade\Upgrade.php:27
action  upgrader_process_complete  include\Upgrade\Upgrade.php:28
filter  http_request_args  include\Upgrade\Upgrade.php:29
action  init  include\Upgrade\Upgrade.php:30

Maintenance & Trust

GDPR Notice Maintenance & Trust

Maintenance Signals

WordPress version tested: 5.0.25
Last updated: Jan 14, 2019
PHP min version: 5.6
Downloads: 4K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 20

Developer Profile

GDPR Notice Developer Profile

orcas - Mario Gleichmann

1 plugin · 20 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect GDPR Notice

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/gdpr-notice-original/css/gdpr.css
/wp-content/plugins/gdpr-notice-original/js/gdpr.js
Script Paths
/wp-content/plugins/gdpr-notice-original/js/gdpr.js
Version Parameters
gdpr-notice-original/css/gdpr.css?ver=
gdpr-notice-original/js/gdpr.js?ver=

HTML / DOM Fingerprints

CSS Classes
gdpr-notice-wrapper
gdpr-message-wrapper
gdpr-message
gdpr-cookies
Data Attributes
data-gdpr-cookie-name
data-gdpr-cookie-days
JS Globals
gdpr_settings
REST Endpoints
/wp-json/gdpr-notice-original/v1/settings