WP-Safety

NexaGuard CMP Security & Risk Analysis

wordpress.org/plugins/nexaguard-cmp

Consent Management Platform for WordPress. Inject NexaGuard loader, enable Google Consent Mode v2, and manage/reset consent via a simple admin UI.

0 active installs v0.2.3 PHP 7.4+ WP 5.8+ Updated Feb 21, 2026
complianceconsentcookiesgdprprivacy
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is NexaGuard CMP Safe to Use in 2026?

Generally Safe

Score 100/100

NexaGuard CMP has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The nexaguard-cmp plugin v0.2.3 exhibits a generally strong security posture, with several positive indicators. The absence of dangerous functions, file operations, and external HTTP requests is commendable. All SQL queries are properly prepared, and a high percentage of outputs are escaped, significantly reducing the risk of common web vulnerabilities like SQL injection and Cross-Site Scripting (XSS). The presence of nonce and capability checks further bolsters its defenses against unauthorized actions.

However, a notable concern is the presence of a REST API route without a permission callback. This means that this endpoint is accessible and executable without proper authorization, potentially exposing sensitive functionality or data to unauthenticated users. While the static analysis and taint analysis did not reveal any specific critical or high-severity flaws, this unprotected REST API route represents a tangible attack vector that should be addressed. The plugin's vulnerability history is clean, with no recorded CVEs, which suggests a diligent development approach to security so far, but this does not negate the identified issue.

In conclusion, nexaguard-cmp v0.2.3 is well-developed from a security standpoint, but the unprotected REST API route is a significant weakness that lowers its overall security score. Addressing this specific entry point is crucial to improving its security posture and mitigating potential risks.

Key Concerns

  • REST API route without permission callback
Vulnerabilities
None known

NexaGuard CMP Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

NexaGuard CMP Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
2
55 escaped
Nonce Checks
5
Capability Checks
2
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

96% escaped57 total outputs
Attack Surface
1 unprotected

NexaGuard CMP Attack Surface

Entry Points3
Unprotected1

REST API Routes 1

GET/wp-json/nexaguard-cmp/v1/wpca-statusincludes\class-nxg-rest.php:6

Shortcodes 2

[nexaguard_cmp] includes\class-nxg-frontend.php:23
[nexaguard_preferences] includes\class-nxg-frontend.php:24
WordPress Hooks 17
actionadmin_menuincludes\class-nxg-admin.php:10
actionadmin_enqueue_scriptsincludes\class-nxg-admin.php:11
actionadmin_noticesincludes\class-nxg-admin.php:12
actionwp_enqueue_scriptsincludes\class-nxg-consent-mode.php:18
actionsend_headersincludes\class-nxg-frontend.php:14
actionwp_enqueue_scriptsincludes\class-nxg-frontend.php:17
actionwp_enqueue_scriptsincludes\class-nxg-frontend.php:20
actioninitincludes\class-nxg-frontend.php:25
filterscript_loader_tagincludes\class-nxg-frontend.php:128
actionadmin_initincludes\class-nxg-options.php:13
actionrest_api_initincludes\class-nxg-rest.php:5
actionwp_enqueue_scriptsincludes\class-nxg-wp-consent-api.php:9
actionwp_enqueue_scriptsincludes\class-nxg-wp-consent-api.php:12
actionplugins_loadedincludes\class-nxg-wp-consent-api.php:15
actionplugins_loadedincludes\class-nxg-wp-consent-api.php:16
filterwp_get_consent_typeincludes\class-nxg-wp-consent-api.php:19
actionplugins_loadednexaguard-cmp.php:47
Maintenance & Trust

NexaGuard CMP Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedFeb 21, 2026
PHP min version7.4
Downloads275

Community Trust

Rating0/100
Number of ratings0
Active installs0
Alternatives

NexaGuard CMP Alternatives

Consensu.io | Conformidade e Consentimento de Cookies para LGPD

Consensu.io | Conformidade e Consentimento de Cookies para LGPD

consensu-io

A
92

Configure facilmente consentimento e monitoramento de cookies em seu website e esteja em conformidade com a LGPD.

300 1 CVE
Cookiefy GDPR Compliance

Cookiefy GDPR Compliance

cookiefy

A
100

GDPR-compliant cookie consent management with automatic cookie detection and intelligent classification.

0 No CVEs
GDPR-Extensions-com – Consent Manager

GDPR-Extensions-com – Consent Manager

gdpr-consent-manager

A
91

Short Description: Ensure GDPR compliance effortlessly. Scan for cookies, resources, and security issues. Generate reports.

0 1 CVE
Cookie Notice & Compliance for GDPR / CCPA

Cookie Notice & Compliance for GDPR / CCPA

cookie-notice

A
95

Cookie Notice allows you to you elegantly inform users that your site uses cookies and helps you comply with GDPR, CCPA and other data privacy laws.

900K 6 CVEs
WP Consent API

WP Consent API

wp-consent-api

A
100

Simple Consent API to read and register the current consent category.

200K No CVEs
Developer Profile

NexaGuard CMP Developer Profile

NexaGuard Inc.

1 plugin · 0 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect NexaGuard CMP

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/nexaguard-cmp/assets/css/admin.css/wp-content/plugins/nexaguard-cmp/assets/js/admin.js
Version Parameters
nexaguard-cmp/assets/css/admin.css?ver=nexaguard-cmp/assets/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
nexaguard-adminnexaguard-containernexaguard-heronexaguard-hero__eyebrownexaguard-hero__titlenexaguard-hero__subtitlenexaguard-hero__actionsnexaguard-btn+11 more
Data Attributes
nexaguard_debug_nexaguard
FAQ

Frequently Asked Questions about NexaGuard CMP