WP-Safety

Simple Cookie Control Security & Risk Analysis

wordpress.org/plugins/simple-cookie-control

A simple banner to inform users that your site uses cookies and blocks them until the visitor accepts.

200 active installs v1.0.3 PHP 5.2.4+ WP 4.6+ Updated Nov 16, 2019
cookiecookie-consentcookie-lawgdprgutenberg-cookie-block
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Simple Cookie Control Safe to Use in 2026?

Generally Safe

Score 85/100

Simple Cookie Control has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 6yr ago
Risk Assessment

The plugin 'simple-cookie-control' version 1.0.3 exhibits a mixed security posture. On the positive side, the plugin demonstrates good practices in several areas. It utilizes prepared statements for all SQL queries, avoids file operations and external HTTP requests, and has no known vulnerabilities in its history. This indicates a generally stable and well-maintained codebase.

However, there are significant security concerns. The plugin exposes a considerable attack surface with 7 total entry points, 4 of which lack authentication checks. This is particularly worrying for the 4 AJAX handlers that do not have authorization implemented, potentially allowing unauthenticated users to trigger sensitive actions. While taint analysis showed no immediate issues, the lack of nonces and capability checks on these unprotected AJAX endpoints creates a significant risk for Cross-Site Request Forgery (CSRF) or other unintended operations if malicious input is provided.

In conclusion, while the plugin avoids common pitfalls like raw SQL or unpatched vulnerabilities, the lack of authentication and authorization on nearly half of its entry points, especially AJAX handlers, is a critical weakness. This presents a substantial risk that needs to be addressed to improve the plugin's overall security.

Key Concerns

  • 4 AJAX handlers without authentication
  • 0 Capability checks found
  • Only 2 Nonce checks for 7 entry points
  • 85% output escaping, 15% potentially unescaped
Vulnerabilities
None known

Simple Cookie Control Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Simple Cookie Control Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
6
35 escaped
Nonce Checks
2
Capability Checks
0
File Operations
0
External Requests
0
Bundled Libraries
0

Output Escaping

85% escaped41 total outputs
Attack Surface
4 unprotected

Simple Cookie Control Attack Surface

Entry Points7
Unprotected4

AJAX Handlers 4

authwp_ajax_save_user_choicecore\class-simple-cookie-control.php:168
noprivwp_ajax_save_user_choicecore\class-simple-cookie-control.php:169
authwp_ajax_reset_cookies_analyticscore\class-simple-cookie-control.php:170
noprivwp_ajax_reset_cookies_analyticscore\class-simple-cookie-control.php:171

Shortcodes 3

[SCC_IFRAME] core\class-simple-cookie-control.php:213
[SCC_ALLOW] core\class-simple-cookie-control.php:214
[SCC_DENY] core\class-simple-cookie-control.php:215
WordPress Hooks 16
actionplugins_loadedcore\class-simple-cookie-control.php:149
filterplugin_action_links_simple-cookie-control/simple-cookie-control.phpcore\class-simple-cookie-control.php:167
actioncustomize_preview_initcore\class-simple-cookie-control.php:174
actioncustomize_controls_enqueue_scriptscore\class-simple-cookie-control.php:175
actioncustomize_controls_print_stylescore\class-simple-cookie-control.php:176
actioncustomize_registercore\class-simple-cookie-control.php:177
actioncustomize_render_control_customizer_simple_cookie_control[cookieName]core\class-simple-cookie-control.php:178
actioncustomize_render_control_customizer_simple_cookie_control[yett]core\class-simple-cookie-control.php:179
actionwp_enqueue_scriptscore\class-simple-cookie-control.php:198
actionwp_enqueue_scriptscore\class-simple-cookie-control.php:199
actionwp_headcore\class-simple-cookie-control.php:204
actionscript_loader_tagcore\class-simple-cookie-control.php:205
actionwp_headcore\class-simple-cookie-control.php:209
actionwp_footercore\class-simple-cookie-control.php:210
actionenqueue_block_editor_assetscore\class-simple-cookie-control.php:233
filterblock_categoriescore\class-simple-cookie-control.php:235
Maintenance & Trust

Simple Cookie Control Maintenance & Trust

Maintenance Signals

WordPress version tested5.3.21
Last updatedNov 16, 2019
PHP min version5.2.4
Downloads4K

Community Trust

Rating92/100
Number of ratings5
Active installs200
Alternatives

Simple Cookie Control Alternatives

Cookie Banner for GDPR / CCPA – WPLP Cookie Consent

Cookie Banner for GDPR / CCPA – WPLP Cookie Consent

gdpr-cookie-consent

A
89

WPLP Cookie Consent helps WordPress website owners display cookie consent banners, manage user preferences, and control third-party scripts in line wi …

10K 10 CVEs
EU Cookies Bar for WordPress

EU Cookies Bar for WordPress

eu-cookies-bar

A
100

Ensure GDPR (General Data Protection Regulation) compliance (EU Cookie Law) with our straightforward cookie bar

9K No CVEs
CCM19 Integration

CCM19 Integration

ccm19-integration

A
100

Integrates the CCM19 Cookie Consent Manager into WordPress. To use this plugin CCM19 needs to be bought or leased.

4K No CVEs
CookiePro | Simplify Compliance with GDPR & EU Cookie Laws

CookiePro | Simplify Compliance with GDPR & EU Cookie Laws

cookiepro

A
85

CookiePro is the most mature and trusted cookie consent tool that is purpose-built for compliance with GDPR, ePrivacy and IAB framework.

2K No CVEs
Awesome GDPR Compliant Cookie Consent and Notice

Awesome GDPR Compliant Cookie Consent and Notice

awesome-cookie-consent

A
85

Awesome way to setup GDPR Cookie Consent Banner and customize with live preview to match your Cookie Compliance Consent requirements and website layou …

500 No CVEs
Developer Profile

Simple Cookie Control Developer Profile

sumapress

2 plugins · 300 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Simple Cookie Control

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/simple-cookie-control/core/js/simple-cookie-control.min.js/wp-content/plugins/simple-cookie-control/core/css/simple-cookie-control.min.css/wp-content/plugins/simple-cookie-control/admin/js/simple-cookie-control-customizer-preview.min.js/wp-content/plugins/simple-cookie-control/admin/js/simple-cookie-control-customizer-controls.min.js/wp-content/plugins/simple-cookie-control/admin/css/simple-cookie-control-customizer-controls.min.css
Script Paths
/wp-content/plugins/simple-cookie-control/core/js/simple-cookie-control.min.js/wp-content/plugins/simple-cookie-control/admin/js/simple-cookie-control-customizer-preview.min.js/wp-content/plugins/simple-cookie-control/admin/js/simple-cookie-control-customizer-controls.min.js
Version Parameters
/wp-content/plugins/simple-cookie-control/core/css/simple-cookie-control.min.css?ver=/wp-content/plugins/simple-cookie-control/admin/css/simple-cookie-control-customizer-controls.min.css?ver=/wp-content/plugins/simple-cookie-control/core/js/simple-cookie-control.min.js?ver=/wp-content/plugins/simple-cookie-control/admin/js/simple-cookie-control-customizer-preview.min.js?ver=/wp-content/plugins/simple-cookie-control/admin/js/simple-cookie-control-customizer-controls.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
cookie-banner-contentcookie-banner-btn-wrappercookie-banner-btncookie-banner-accept-btncookie-banner-decline-btncookie-banner-content-wrapper
HTML Comments
<!-- THIS IS A SIMPLE COOKIE CONTROL BANNER -->
Data Attributes
data-accept-btn-textdata-decline-btn-textdata-learn-more-btn-textdata-content-positiondata-background-colordata-text-color+17 more
JS Globals
simpleCookieControlOptions
FAQ

Frequently Asked Questions about Simple Cookie Control