Termly – GDPR/CCPA Cookie Consent Banner Security & Risk Analysis

wordpress.org/plugins/uk-cookie-consent

Our easy to use cookie consent plugin can assist in your GDPR, CCPA, and ePrivacy Directive compliance efforts.

90K active installs · v3.3.1 · PHP 5.6+ · WP 5.2+ · Updated Jan 9, 2026
Tags: ccpa, cookie-banner, cookie-consent, gdpr, privacy
Score: 99 · A · Safe
CVEs total: 2
Unpatched: 0
Last CVE: Jun 6, 2024
Safety Verdict

Is Termly – GDPR/CCPA Cookie Consent Banner Safe to Use in 2026?

Generally Safe

Score 99/100

Termly – GDPR/CCPA Cookie Consent Banner has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Jun 6, 2024 · Updated 2mo ago
Risk Assessment

The 'uk-cookie-consent' plugin v3.3.1 exhibits a generally good security posture based on the static analysis. It demonstrates a low attack surface with no unprotected entry points. The code follows many security best practices, including 100% use of prepared statements for SQL queries and a high percentage of properly escaped output. Nonce and capability checks are also present, indicating an awareness of common WordPress security vulnerabilities. However, the plugin's history of two medium-severity vulnerabilities, specifically related to Missing Authorization and Cross-site Scripting, raises a significant concern. While these appear to be patched, their existence suggests potential weaknesses in input validation or authorization logic that could be re-introduced or exploited in future versions if not rigorously maintained. The presence of external HTTP requests, while not inherently insecure, could be a vector for supply chain attacks if the external services are compromised, though this is a general consideration for many plugins.

Key Concerns

  • Two medium severity CVEs in history
  • External HTTP requests present
Vulnerabilities: 2

Termly – GDPR/CCPA Cookie Consent Banner Security Vulnerabilities

CVEs by Year

2018: 1 CVE
2024: 1 CVE

Severity Breakdown

Medium: 2

2 total CVEs

CVE-2024-35692 · medium · 5.3 · Missing Authorization

GDPR/CCPA Cookie Consent Banner <= 3.2 - Missing Authorization via handle_consent_toggle()

Jun 6, 2024 · Patched in 3.2.1 (7d)

CVE-2018-10310 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Catapult UK Cookie Consent <= 2.3.9 - Stored Cross-Site Scripting

Apr 22, 2018 · Patched in 2.3.10 (2102d)
Code Analysis
Analyzed Mar 16, 2026

Termly – GDPR/CCPA Cookie Consent Banner Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 3 (163 escaped)
Nonce Checks: 4
Capability Checks: 5
File Operations: 0
External Requests: 2
Bundled Libraries: 0

Output Escaping

98% escaped · 166 total outputs
Data Flows: All sanitized

Data Flow Analysis

1 flow
<edit-cookie> (includes\views\edit-cookie.php:0)
Attack Surface

Termly – GDPR/CCPA Cookie Consent Banner Attack Surface

Entry Points: 1
Unprotected: 0

REST API Routes: 1

POST /wp-json/termly/v1/consent-toggle · includes\controllers\class-banner-settings-controller.php:200

WordPress Hooks: 29
action · plugins_loaded · includes\class-internationalization.php:22
action · init · includes\controllers\class-account-api-controller.php:23
action · termly_account_update · includes\controllers\class-account-api-controller.php:24
action · admin_enqueue_scripts · includes\controllers\class-app-controller.php:23
action · admin_init · includes\controllers\class-app-controller.php:26
action · admin_menu · includes\controllers\class-banner-settings-controller.php:22
action · admin_enqueue_scripts · includes\controllers\class-banner-settings-controller.php:23
action · admin_init · includes\controllers\class-banner-settings-controller.php:26
action · rest_api_init · includes\controllers\class-banner-settings-controller.php:29
action · admin_menu · includes\controllers\class-cookie-management-controller.php:22
action · admin_enqueue_scripts · includes\controllers\class-cookie-management-controller.php:23
action · admin_menu · includes\controllers\class-edit-cookie.php:34
filter · parent_file · includes\controllers\class-edit-cookie.php:35
action · wp_head · includes\controllers\class-frontend.php:23
action · admin_menu · includes\controllers\class-menu-controller.php:23
action · admin_menu · includes\controllers\class-policies-controller.php:22
action · admin_enqueue_scripts · includes\controllers\class-sign-up-controller.php:23
action · admin_init · includes\controllers\class-site-scan-controller.php:30
action · admin_init · includes\controllers\class-site-scan-controller.php:35
action · admin_notices · includes\controllers\class-site-scan-controller.php:38
action · admin_notices · includes\controllers\class-site-scan-controller.php:197
action · admin_init · includes\controllers\class-termly-api-controller.php:23
filter · termly_api_args · includes\controllers\class-termly-api-controller.php:26
filter · termly_api_headers · includes\controllers\class-termly-api-controller.php:27
filter · termly_api_headers · includes\models\class-termly-api-model.php:121
filter · termly_api_headers · includes\models\class-termly-api-model.php:248
action · admin_notices · uk-cookie-consent.php:37
action · admin_notices · uk-cookie-consent.php:58
action · in_plugin_update_message-uk-cookie-consent/uk-cookie-consent.php · uk-cookie-consent.php:168

Scheduled Events: 1

termly_account_update
Maintenance & Trust

Termly – GDPR/CCPA Cookie Consent Banner Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 9, 2026
PHP min version: 5.6
Downloads: 2.9M

Community Trust

Rating: 74/100
Number of ratings: 201
Active installs: 90K
Developer Profile

Termly – GDPR/CCPA Cookie Consent Banner Developer Profile

davidtaroko

1 plugin · 90K total installs

Trust score: 78
Avg Security Score: 99/100
Avg Patch Time: 1055 days
Detection Fingerprints

How We Detect Termly – GDPR/CCPA Cookie Consent Banner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/uk-cookie-consent/dist/css/termly.css
Version Parameters
  • uk-cookie-consent/style.css?ver=
  • uk-cookie-consent/script.js?ver=
  • uk-cookie-consent/dist/css/termly.css?ver=

HTML / DOM Fingerprints

CSS Classes
  • termly-cookie-banner-container
  • termly-modal-overlay
  • termly-modal-content
HTML Comments
  • <!-- Termly Cookie Consent -->
  • <!-- End Termly Cookie Consent -->
Data Attributes
  • data-termly-id
  • data-termly-domain
  • data-termly-url
JS Globals
  • window.Termly
REST Endpoints
  • /wp-json/termly/v1/settings
  • /wp-json/termly/v1/scan
Shortcode Output
  • [termly_cookie_banner]
  • [termly_privacy_policy]
  • [termly_terms_of_service]