GDPR CCPA Compliance & Cookie Consent Banner Security & Risk Analysis

wordpress.org/plugins/ninja-gdpr-compliance

Get compliance with GDPR, CCPA, DPA, and other privacy regulations.

1K active installs · v2.7.5 · PHP + WP 3.0+ · Updated Dec 17, 2025
Tags: cookie-banner, cookie-consent, dsgvo, gdpr, gdpr-compliance
Score 89 · A · Safe
CVEs total: 5
Unpatched: 0
Last CVE: Jan 19, 2026
Safety Verdict

Is GDPR CCPA Compliance & Cookie Consent Banner Safe to Use in 2026?

Generally Safe

Score 89/100

GDPR CCPA Compliance & Cookie Consent Banner has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Jan 19, 2026 · Updated 3mo ago
Risk Assessment

The ninja-gdpr-compliance plugin v2.7.5 presents a mixed security posture. On the positive side, the plugin demonstrates good practices by using prepared statements for all SQL queries and exhibiting a very high rate of output escaping, indicating a strong defense against common injection vulnerabilities. The absence of critical or high-severity taint flows and dangerous functions is also a significant strength. However, the presence of 6 AJAX handlers without proper authentication checks represents a notable attack surface that could be exploited. The vulnerability history is a significant concern, with a total of 5 known CVEs, including one critical vulnerability, and common types being Missing Authorization and Deserialization of Untrusted Data. While all historical CVEs are currently patched, the past occurrences of critical vulnerabilities, particularly those related to authorization, raise questions about the plugin's historical security robustness and the potential for similar weaknesses to re-emerge in future versions.

Key Concerns

  • Unprotected AJAX handlers
  • Past critical vulnerability (1)
  • Past medium vulnerabilities (4)
  • History of Missing Authorization vulns
  • History of Deserialization vulns
Vulnerabilities
5

GDPR CCPA Compliance & Cookie Consent Banner Security Vulnerabilities

CVEs by Year

2020: 1 CVE
2024: 1 CVE
2025: 2 CVEs
2026: 1 CVE

Severity Breakdown

Critical: 1
Medium: 4

5 total CVEs

CVE-2025-68073 · medium · 4.3 · Missing Authorization

GDPR CCPA Compliance Support <= 2.7.4 - Missing Authorization

Jan 19, 2026 · Patched in 2.7.5 (10d)

CVE-2025-48260 · medium · 4.3 · Missing Authorization

GDPR CCPA Compliance Support <= 2.7.3 - Missing Authorization

May 19, 2025 · Patched in 2.7.4 (10d)

CVE-2025-24591 · medium · 4.3 · Missing Authorization

GDPR CCPA Compliance Support <= 2.7.1 - Missing Authorization

Jan 24, 2025 · Patched in 2.7.2 (5d)

CVE-2024-5607 · medium · 5.4 · Missing Authorization

GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting

Jun 6, 2024 · Patched in 2.7.1 (1d)

CVE-2020-36718 · critical · 9.8 · Deserialization of Untrusted Data

GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection

Nov 3, 2020 · Patched in 2.4 (1176d)

Code Analysis
Analyzed Mar 16, 2026

GDPR CCPA Compliance & Cookie Consent Banner Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 1 (63 escaped)
Nonce Checks: 34
Capability Checks: 5
File Operations: 5
External Requests: 0
Bundled Libraries: 0

Output Escaping

98% escaped · 64 total outputs

Data Flows: All sanitized

Data Flow Analysis

22 flows
ajaxUpdateSettings (src\DataAccess.php:99)
Attack Surface
6 unprotected

GDPR CCPA Compliance & Cookie Consent Banner Attack Surface

Entry Points: 49
Unprotected: 6

AJAX Handlers 43

auth wp_ajax_njt_gdpr_get_dataaccess_settings src\DataAccess.php:9
auth wp_ajax_njt_gdpr_update_dataaccess_settings src\DataAccess.php:10
auth wp_ajax_njt_gdpr_dataaccess_request_action src\DataAccess.php:11
auth wp_ajax_njt_gdpr_dataaccess src\DataAccess.php:13
nopriv wp_ajax_njt_gdpr_dataaccess src\DataAccess.php:14
auth wp_ajax_njt_gdpr_get_data_breach_settings src\DataBreach.php:7
auth wp_ajax_njt_gdpr_update_data_breach_settings src\DataBreach.php:8
auth wp_ajax_njt_gdpr_get_data_rectification_settings src\DataRectification.php:9
auth wp_ajax_njt_gdpr_update_data_rectification_settings src\DataRectification.php:10
auth wp_ajax_njt_gdpr_data_rectification_request_action src\DataRectification.php:11
auth wp_ajax_njt_gdpr_data_rectification src\DataRectification.php:13
nopriv wp_ajax_njt_gdpr_data_rectification src\DataRectification.php:14
auth wp_ajax_njt_gdpr_get_eu_settings src\EuTraffic.php:7
auth wp_ajax_njt_gdpr_update_eu_settings src\EuTraffic.php:8
auth wp_ajax_njt_gdpr_get_forgetme_settings src\ForgetMe.php:9
auth wp_ajax_njt_gdpr_update_forgetme_settings src\ForgetMe.php:10
auth wp_ajax_njt_gdpr_forget_me_request_action src\ForgetMe.php:11
auth wp_ajax_njt_gdpr_forgetme src\ForgetMe.php:13
nopriv wp_ajax_njt_gdpr_forgetme src\ForgetMe.php:14
auth wp_ajax_njt_gdpr_get_settings src\init.php:34
auth wp_ajax_njt_gdpr_update_settings src\init.php:35
auth wp_ajax_njt_gdpr_recheck_cookie src\init.php:37
nopriv wp_ajax_njt_gdpr_recheck_cookie src\init.php:38
auth wp_ajax_njt_gdpr_allow_cookie src\init.php:41
nopriv wp_ajax_njt_gdpr_allow_cookie src\init.php:42
auth wp_ajax_njt_gdpr_get_integrations_settings src\Integrations.php:7
auth wp_ajax_njt_gdpr_update_integrations_settings src\Integrations.php:8
auth wp_ajax_njt_gdpr_save_privacy_settings src\Integrations.php:11
nopriv wp_ajax_njt_gdpr_save_privacy_settings src\Integrations.php:12
auth wp_ajax_njt_gdpr_get_policy_settings src\Policy.php:7
auth wp_ajax_njt_gdpr_update_policy_settings src\Policy.php:8
auth wp_ajax_njt_gdpr_accept_policy src\Policy.php:10
nopriv wp_ajax_njt_gdpr_accept_policy src\Policy.php:11
auth wp_ajax_njt_gdpr_recheck_policy src\Policy.php:17
nopriv wp_ajax_njt_gdpr_recheck_policy src\Policy.php:18
auth wp_ajax_njt_gdpr_get_pvsettings_settings src\PrivacySettingsPage.php:7
auth wp_ajax_njt_gdpr_update_pvsettings_settings src\PrivacySettingsPage.php:8
auth wp_ajax_njt_gdpr_get_term_settings src\Term.php:7
auth wp_ajax_njt_gdpr_update_term_settings src\Term.php:8
auth wp_ajax_njt_gdpr_accept_term src\Term.php:10
nopriv wp_ajax_njt_gdpr_accept_term src\Term.php:11
auth wp_ajax_njt_gdpr_get_unsub_settings src\Unsubscribe.php:7
auth wp_ajax_njt_gdpr_update_unsub_settings src\Unsubscribe.php:8

Shortcodes 6

[njt_gdpr_data_access] src\DataAccess.php:16
[njt_gdpr_data_rectification] src\DataRectification.php:16
[njt_gdpr_forgetme] src\ForgetMe.php:16
[njt_gdpr_policy] src\Policy.php:13
[njt_gdpr_privacy_settings] src\PrivacySettingsPage.php:9
[njt_gdpr_term] src\Term.php:13
WordPress Hooks 31
action init src\Cross.php:52
action admin_notices src\Cross.php:58
action wp_dashboard_setup src\Cross.php:66
action admin_footer src\Cross.php:67
action wp_enqueue_scripts src\DataAccess.php:18
action init src\DataAccess.php:20
action wp_enqueue_scripts src\DataRectification.php:18
action init src\DataRectification.php:20
action wp_enqueue_scripts src\ForgetMe.php:18
action init src\ForgetMe.php:20
action plugins_loaded src\init.php:16
action admin_menu src\init.php:27
action admin_enqueue_scripts src\init.php:29
action admin_head src\init.php:31
action admin_footer src\init.php:32
action wp_enqueue_scripts src\init.php:44
filter wpcf7_form_elements src\Integrations.php:15
filter gform_pre_render src\Integrations.php:17
filter gform_validation src\Integrations.php:18
filter comment_form_submit_field src\Integrations.php:20
action wp_footer src\Integrations.php:21
action register_form src\Integrations.php:23
action woocommerce_review_order_before_submit src\Integrations.php:24
action groups_forum_new_reply_after src\Integrations.php:26
action bp_after_message_reply_box src\Integrations.php:27
action bp_after_group_forum_post_new src\Integrations.php:28
action bp_after_messages_compose_content src\Integrations.php:29
action groups_forum_new_topic_after src\Integrations.php:30
action bp_activity_post_form_options src\Integrations.php:31
action wp_enqueue_scripts src\Policy.php:15
action wp_enqueue_scripts src\Term.php:15
Maintenance & Trust

GDPR CCPA Compliance & Cookie Consent Banner Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Dec 17, 2025
PHP min version
Downloads: 47K

Community Trust

Rating: 100/100
Number of ratings: 6
Active installs: 1K
Developer Profile

GDPR CCPA Compliance & Cookie Consent Banner Developer Profile

Ninja Team

13 plugins · 496K total installs

Trust score: 76
Avg Security Score: 96/100
Avg Patch Time: 93 days
Detection Fingerprints

How We Detect GDPR CCPA Compliance & Cookie Consent Banner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/ninja-gdpr-compliance/assets/admin/js/cross.js
Script Paths
/wp-content/plugins/ninja-gdpr-compliance/assets/admin/js/cross.js
Version Parameters
ninja-gdpr-compliance/assets/admin/js/cross.js?ver=

HTML / DOM Fingerprints

CSS Classes
fbv-cross-wrap, fbv-icon, fbv-i-folder, fbv-cross-link
Data Attributes
data-njt-gdpr-nonce, data-njt-gdpr-slug, data-njt-gdpr-path
JS Globals
njtCross
Shortcode Output
[ninja_gdpr_form] [ninja_gdpr_form_submit] [ninja_gdpr_data_request_form] [ninja_gdpr_data_access_request_form]
FAQ

Frequently Asked Questions about GDPR CCPA Compliance & Cookie Consent Banner