WP-Safety

iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more Security & Risk Analysis

wordpress.org/plugins/iubenda-cookie-law-solution

The solution for GDPR compliance + more. Get your cookie banner, privacy policy, terms and conditions and handle cookie consent in just one plugin.

200K active installs v3.13.1 PHP 7.0.0+ WP 5.0+ Updated Mar 11, 2026
ccpacookie-bannergdprprivacy-policyterms-and-conditions
97
A · Safe
CVEs total4
Unpatched0
Last CVEDec 12, 2022
Plugin page Download
Safety Verdict

Is iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more Safe to Use in 2026?

Generally Safe

Score 97/100

iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more has a strong security track record. Known vulnerabilities have been patched promptly.

4 known CVEsLast CVE: Dec 12, 2022Updated 23d ago
Risk Assessment

The iubenda-cookie-law-solution plugin version 3.13.1 exhibits a mixed security posture. While it demonstrates strong adherence to secure coding practices with a high percentage of properly escaped output and exclusively using prepared statements for SQL queries, significant concerns arise from its attack surface. A substantial portion of its AJAX handlers (17 out of 17) lack authorization checks, creating a large vector for potential unauthorized actions. The presence of 4 previously disclosed CVEs, although currently patched, indicates a historical pattern of vulnerabilities including missing authorization, CSRF, SSRF, and improper input validation, suggesting that recurring security flaws have been an issue in the past. The taint analysis showing flows with unsanitized paths is concerning, even without critical or high severity findings in this scan, as it points to potential weaknesses in how user-supplied data is handled.

Key Concerns

  • 17 unprotected AJAX handlers
  • 4 previously disclosed CVEs
  • Flows with unsanitized paths
Vulnerabilities
4

iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more Security Vulnerabilities

CVEs by Year

1 CVE in 2020
2020
3 CVEs in 2022
2022
Patched Has unpatched

Severity Breakdown

High
3
Medium
1

4 total CVEs

CVE-2022-3911high · 8.8Missing Authorization

iubenda <= 3.3.2 - Authenticated (Subscriber+) Privilege Escalation

Dec 12, 2022 Patched in 3.3.3 (407d)
WF-d0301141-bbc6-4a9e-b816-888554600b57-iubenda-cookie-law-solutionhigh · 8.8Cross-Site Request Forgery (CSRF)

iubenda <= 3.3.2 - Cross-Site Request Forgery

Dec 6, 2022 Patched in 3.3.3 (413d)
WF-69ec31f3-8ec8-40ad-ba7f-77f9132ad51f-iubenda-cookie-law-solutionhigh · 8.3Server-Side Request Forgery (SSRF)

iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more <= 3.0.8 - Server-Side Request Forgery

Jun 17, 2022 Patched in 3.0.8 (585d)
CVE-2020-12742medium · 6.5Improper Input Validation

iubenda < 2.3.5 - Failure to Restrict URL Protocol

May 12, 2020 Patched in 2.3.5 (1351d)
Code Analysis
Analyzed Mar 16, 2026

iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
3 prepared
Unescaped Output
12
622 escaped
Nonce Checks
2
Capability Checks
15
File Operations
4
External Requests
8
Bundled Libraries
0

SQL Query Safety

100% prepared3 total queries

Output Escaping

98% escaped634 total outputs
Data Flows
2 unsanitized

Data Flow Analysis

2 flows2 with unsanitized paths
plugin_settings_save_options (includes\services\class-iubenda-plugin-setting-service.php:47)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
17 unprotected

iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more Attack Surface

Entry Points23
Unprotected17

AJAX Handlers 17

authwp_ajax_check_frontend_auto_blocking_statusincludes\class-auto-blocking.php:35
authwp_ajax_iubenda_dismiss_general_noticeincludes\class-iubenda-notice.php:60
authwp_ajax_iubenda_dismiss_rating_noticeincludes\class-iubenda-notice.php:61
authwp_ajax_synchronize_productsincludes\class-iubenda-settings.php:98
authwp_ajax_quick_generator_apiincludes\class-iubenda-settings.php:99
authwp_ajax_integrate_setupincludes\class-iubenda-settings.php:100
authwp_ajax_toggle_servicesincludes\class-iubenda-settings.php:101
authwp_ajax_auto_detect_formsincludes\class-iubenda-settings.php:102
authwp_ajax_save_cs_optionsincludes\class-iubenda-settings.php:103
authwp_ajax_save_pp_optionsincludes\class-iubenda-settings.php:104
authwp_ajax_save_cons_optionsincludes\class-iubenda-settings.php:105
authwp_ajax_save_tc_optionsincludes\class-iubenda-settings.php:106
authwp_ajax_save_plugin_settings_optionsincludes\class-iubenda-settings.php:107
authwp_ajax_radar_percentage_reloadincludes\class-iubenda-settings.php:108
authwp_ajax_frontpage_main_boxincludes\class-iubenda-settings.php:109
authwp_ajax_dashboard_complianceincludes\class-radar-dashboard-widget.php:24
authwp_ajax_force_reload_radar_configincludes\class-radar-service.php:92

REST API Routes 1

POST/wp-json/iubenda-cookie-law-solution/v1/inject-plugin-optionsincludes\integrations\class-pib-integration.php:102

Shortcodes 5

[iub-tc-button] includes\class-iubenda-settings.php:114
[iub-pp-button] includes\class-iubenda-settings.php:115
[iub-cookie-policy] iubenda_cookie_solution.php:764
[iub-cookie-block] iubenda_cookie_solution.php:765
[iub-cookie-skip] iubenda_cookie_solution.php:766
WordPress Hooks 59
actioniubenda_attach_block_in_footerincludes\block\class-iubenda-legal-block.php:27
actioninitincludes\block\class-iubenda-legal-block.php:30
actionadmin_initincludes\block\class-iubenda-legal-block.php:33
actionafter_setup_themeincludes\block\class-iubenda-legal-block.php:36
actionwp_headincludes\class-iubenda-amp.php:74
actionamp_post_template_headincludes\class-iubenda-amp.php:75
actionwp_footerincludes\class-iubenda-amp.php:76
actionamp_post_template_footerincludes\class-iubenda-amp.php:77
actionamp_post_template_cssincludes\class-iubenda-amp.php:78
filteramp_post_template_dataincludes\class-iubenda-amp.php:81
filteramp_analytics_entriesincludes\class-iubenda-amp.php:82
actioninitincludes\class-iubenda-forms.php:51
actioninitincludes\class-iubenda-forms.php:52
actioninitincludes\class-iubenda-forms.php:53
actionwp_enqueue_scriptsincludes\class-iubenda-forms.php:54
actionwpforms_process_completeincludes\class-iubenda-forms.php:57
filtermc4wp_integration_woocommerce_checkbox_attributesincludes\class-iubenda-forms.php:60
actionadmin_headincludes\class-iubenda-notice.php:54
actionadmin_initincludes\class-iubenda-notice.php:59
actionafter_setup_themeincludes\class-iubenda-notice.php:62
actionadmin_print_scriptsincludes\class-iubenda-notice.php:176
actionadmin_noticesincludes\class-iubenda-notice.php:177
actionadmin_print_scriptsincludes\class-iubenda-notice.php:181
actionadmin_noticesincludes\class-iubenda-notice.php:182
actionadmin_print_scriptsincludes\class-iubenda-notice.php:372
actionafter_setup_themeincludes\class-iubenda-settings.php:91
actionadmin_initincludes\class-iubenda-settings.php:92
actionadmin_menuincludes\class-iubenda-settings.php:93
actionadmin_enqueue_scriptsincludes\class-iubenda-settings.php:94
actionadmin_print_stylesincludes\class-iubenda-settings.php:95
actionadmin_initincludes\class-iubenda-settings.php:96
actionwp_body_openincludes\class-no-script-policy-embedder.php:24
actioniubenda_verify_cookie_policy_existenceincludes\class-no-script-policy-embedder.php:25
actionwp_dashboard_setupincludes\class-radar-dashboard-widget.php:25
actioninitincludes\class-radar-service.php:91
actioniubenda_schedule_reload_radar_configincludes\class-radar-service.php:99
actionrest_api_initincludes\integrations\class-pib-integration.php:95
filterwp_get_consent_typeincludes\integrations\class-wp-consent-api-integration.php:25
actionwp_enqueue_scriptsincludes\integrations\class-wp-consent-api-integration.php:26
actionwoocommerce_store_api_checkout_order_processedincludes\integrations\cons\class-woocommerce-form-consent.php:23
filterscript_loader_tagincludes\services\class-iubenda-code-extractor.php:149
actioniubenda_assign_widget_to_first_sidebarincludes\widget\class-iubenda-legal-widget.php:48
actionelementor/widgets/widgets_registeredincludes\widget\class-iubenda-legal-widget.php:49
actionplugins_loadediubenda_cookie_solution.php:354
actionplugins_loadediubenda_cookie_solution.php:355
actionafter_setup_themeiubenda_cookie_solution.php:406
actionwp_headiubenda_cookie_solution.php:407
actiontemplate_redirectiubenda_cookie_solution.php:408
actionshutdowniubenda_cookie_solution.php:409
actiontemplate_redirectiubenda_cookie_solution.php:410
actionadmin_initiubenda_cookie_solution.php:411
actionadmin_initiubenda_cookie_solution.php:412
actionupgrader_process_completeiubenda_cookie_solution.php:413
filterplugin_action_linksiubenda_cookie_solution.php:414
actionupgrader_overwrote_packageiubenda_cookie_solution.php:415
actionafter_switch_themeiubenda_cookie_solution.php:416
actionwp_headiubenda_cookie_solution.php:417
actionwidgets_initiubenda_cookie_solution.php:645
filterplugin_row_metaiubenda_cookie_solution.php:1596

Scheduled Events 3

iubenda_verify_cookie_policy_existence
iubenda_verify_cookie_policy_existence
iubenda_schedule_reload_radar_config
Maintenance & Trust

iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 11, 2026
PHP min version7.0.0
Downloads5.3M

Community Trust

Rating94/100
Number of ratings386
Active installs200K
Alternatives

iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more Alternatives

Privacy Policy Generator – WPLP Legal Pages

Privacy Policy Generator – WPLP Legal Pages

wplegalpages

A
92

Create and manage legal pages for WordPress websites using ready-made policy templates that support common privacy and compliance requirements.

10K 7 CVEs
GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law

GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law

gdpr-cookie-compliance

A
97

Cookie notice banner for GDPR, CCPA, EU cookie law, data protection and privacy regulations and other cookie law and consent notice requirements on yo &hellip;

300K 9 CVEs
TermsFeed AutoTerms: Privacy Policy Generator, Cookie Consent, GDPR, CCPA, Terms & Conditions, Disclaimers, Cookies Policy, EULA

TermsFeed AutoTerms: Privacy Policy Generator, Cookie Consent, GDPR, CCPA, Terms & Conditions, Disclaimers, Cookies Policy, EULA

auto-terms-of-service-and-privacy-policy

A
100

All-in-One compliance solution from TermsFeed: Generator of Privacy Policy, T&Cs, Affiliate Disclaimers and Cookie Consent Notice Banner.

90K No CVEs
Termly – GDPR/CCPA Cookie Consent Banner

Termly – GDPR/CCPA Cookie Consent Banner

uk-cookie-consent

A
99

Our easy to use cookie consent plugin can assist in your GDPR, CCPA, and ePrivacy Directive compliance efforts.

90K 2 CVEs
Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator

Legal Pages – Privacy Policy, Terms & Conditions, GDPR, CCPA, and Cookie Notice Generator

legal-pages

A
95

The best WordPress legal pages generator that comes with pre-made templates for GDPR, CCPA, DMCA, Privacy Policy, Terms & Conditions, Cookie Polic &hellip;

10K 7 CVEs
Developer Profile

iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more Developer Profile

iubenda

1 plugin · 200K total installs

77
trust score
Avg Security Score
97/100
Avg Patch Time
689 days
View full developer profile
Detection Fingerprints

How We Detect iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/iubenda-cookie-law-solution/includes/admin/css/iubenda-admin.css/wp-content/plugins/iubenda-cookie-law-solution/includes/admin/css/iubenda-settings.css/wp-content/plugins/iubenda-cookie-law-solution/includes/admin/css/iubenda-theme.css/wp-content/plugins/iubenda-cookie-law-solution/includes/admin/js/iubenda-admin.js/wp-content/plugins/iubenda-cookie-law-solution/includes/admin/js/iubenda-settings.js/wp-content/plugins/iubenda-cookie-law-solution/includes/frontend/css/iubenda-cookie-law.css/wp-content/plugins/iubenda-cookie-law-solution/includes/frontend/js/iubenda-cookie-law.js/wp-content/plugins/iubenda-cookie-law-solution/assets/css/iubenda-dialog.css+1 more
Generator Patterns
iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more
Script Paths
/wp-content/plugins/iubenda-cookie-law-solution/includes/admin/js/iubenda-admin.js/wp-content/plugins/iubenda-cookie-law-solution/includes/admin/js/iubenda-settings.js/wp-content/plugins/iubenda-cookie-law-solution/includes/frontend/js/iubenda-cookie-law.js/wp-content/plugins/iubenda-cookie-law-solution/assets/js/iubenda-dialog.js
Version Parameters
iubenda-cookie-law-solution/includes/admin/css/iubenda-admin.css?ver=iubenda-cookie-law-solution/includes/admin/css/iubenda-settings.css?ver=iubenda-cookie-law-solution/includes/admin/css/iubenda-theme.css?ver=iubenda-cookie-law-solution/includes/admin/js/iubenda-admin.js?ver=iubenda-cookie-law-solution/includes/admin/js/iubenda-settings.js?ver=iubenda-cookie-law-solution/includes/frontend/css/iubenda-cookie-law.css?ver=iubenda-cookie-law-solution/includes/frontend/js/iubenda-cookie-law.js?ver=iubenda-cookie-law-solution/assets/css/iubenda-dialog.css?ver=iubenda-cookie-law-solution/assets/js/iubenda-dialog.js?ver=

HTML / DOM Fingerprints

CSS Classes
iubenda-cookie-lawiubenda-dialogiubenda-settings-wrapiubenda-admin-noticeiubenda-consent-manageriubenda-legal-notice
HTML Comments
Copyright (C) 2018-2020, iubenda s.r.liubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more
Data Attributes
data-iub-ccpa-opt-outdata-iub-gdpr-opt-outdata-iub-consent-informationdata-iub-cs-redirectdata-iub-cs-policy
JS Globals
iubenda_consent_apiiubenda_preferences_dialogiubenda_config
REST Endpoints
/wp-json/iubenda/v1/settings/wp-json/iubenda/v1/consent
Shortcode Output
[iubenda_notice][iubenda_policy][iubenda_cookie_policy]
FAQ

Frequently Asked Questions about iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more